Monitoring Security Identity Health Issues via Microsoft Graph API

Kumaresan MuppidathiKumaresan Muppidathi
3 min read

When working with Microsoft 365 Security and Azure Active Directory (Entra ID), itโ€™s critical to monitor the health status of your identities. Microsoft provides a Graph API endpoint that helps us retrieve open health issues related to identities in your tenant.

In this post, Iโ€™ll walk you through:

  • The API endpoint

  • Request & response details

  • Real-world use cases

  • A screenshot of the relevant Azure settings

๐Ÿ“Œ API Endpoint

Weโ€™ll be using the beta endpoint of Microsoft Graph:

GET https://graph.microsoft.com/beta/security/identities/healthIssues?$filter=Status eq 'open'

This query fetches all identity health issues that have a status of open in your tenant.

๐Ÿ”‘ Prerequisites

Before making the request, ensure that:

  1. Your tenant is onboarded to Microsoft Defender for Identity.

  2. You have the right permissions in Azure AD (such as Security.Read.All or equivalent).

  3. Youโ€™ve granted admin consent for your app or have sufficient Graph Explorer permissions.

๐Ÿ“ค Request Example

You can call the API via:

Graph Explorer

GET https://graph.microsoft.com/beta/security/identities/healthIssues?$filter=Status eq 'open' Authorization: Bearer

๐Ÿ“ฅ Sample Response

Hereโ€™s an example of what the API may return:

{
  "@odata.context": "https://graph.microsoft.com/beta/$metadata#security/identities/healthIssues",
  "value": [
    {
      "id": "1234abcd-5678-efgh-9101-112131415",
      "displayName": "Sensor is not reporting",
      "healthIssueType": "SensorConnectivity",
      "status": "open",
      "recommendedAction": "Check if the sensor service is running and network connectivity is available",
      "lastUpdatedDateTime": "2025-08-20T10:30:00Z"
    },
    {
      "id": "9876zyxw-5432-vut-1098-7654321",
      "displayName": "Domain Controller not synced",
      "healthIssueType": "SyncFailure",
      "status": "open",
      "recommendedAction": "Verify domain controller synchronization settings",
      "lastUpdatedDateTime": "2025-08-19T14:20:00Z"
    }
  ]
}

๐Ÿ›  Uses of This API

  • Proactive Monitoring โ€“ Identify open health issues in your identity system.

  • Automation โ€“ Integrate into monitoring dashboards, alerts, or ITSM workflows.

  • Security Compliance โ€“ Ensure identity-related issues are tracked and resolved quickly.

๐Ÿ“ธ Azure Portal Screenshot

โœ… Conclusion

The security/identities/healthIssues API in Microsoft Graph is a powerful way to track open issues programmatically. Whether you use it in Graph Explorer, PowerShell, or custom monitoring scripts, it provides valuable insights into the health of your identity security posture.

๐Ÿ“‚ 1. Ready-to-use .http file

Create a file named GetHealthIssues.http and paste this content:

### Get open health issues from Microsoft Graph
GET https://graph.microsoft.com/beta/security/identities/healthIssues?$filter=Status eq 'open'
Authorization: Bearer {{access_token}}
Content-Type: application/json

๐Ÿ‘‰ Replace {{access_token}} with a valid Graph API token (you can generate via Graph Explorer or Azure app registration with client credentials).

๐Ÿ“‚ 2. Postman Collection

Save the below JSON as GraphHealthIssues.postman_collection.json and import it into Postman.

{
  "info": {
    "name": "Microsoft Graph - Health Issues",
    "_postman_id": "7a7c7c0a-1234-5678-9abc-ef9876543210",
    "description": "Collection to fetch open identity health issues from Microsoft Graph API",
    "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
  },
  "item": [
    {
      "name": "Get Open Health Issues",
      "request": {
        "method": "GET",
        "header": [
          {
            "key": "Authorization",
            "value": "Bearer {{access_token}}",
            "type": "text"
          },
          {
            "key": "Content-Type",
            "value": "application/json",
            "type": "text"
          }
        ],
        "url": {
          "raw": "https://graph.microsoft.com/beta/security/identities/healthIssues?$filter=Status eq 'open'",
          "protocol": "https",
          "host": [
            "graph",
            "microsoft",
            "com"
          ],
          "path": [
            "beta",
            "security",
            "identities",
            "healthIssues"
          ],
          "query": [
            {
              "key": "$filter",
              "value": "Status eq 'open'"
            }
          ]
        }
      },
      "response": []
    }
  ]
}

๐Ÿ”‘ How to Use

  1. In Postman

    • Import the collection.

    • Add an environment variable access_token.

    • Generate a token using Graph Explorer or via Azure AD app registration.

  2. In VS Code with REST Client extension

    • Open the .http file.

    • Replace {{access_token}} with your token.

    • Click Send Request.

0
Subscribe to my newsletter

Read articles from Kumaresan Muppidathi directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Securityidentity-managementAzure

Written by

Kumaresan Muppidathi
Kumaresan Muppidathi