| title | alert resource type |
|---|---|
| description | Represents a system-detected health monitoring alert associated with common Microsoft Entra authentication and access management scenarios. |
| author | huatang92 |
| ms.localizationpriority | medium |
| ms.subservice | entra-monitoring-health |
| doc_type | resourcePageType |
| ms.date | 10/17/2024 |
Namespace: microsoft.graph.healthMonitoring
[!INCLUDE beta-disclaimer]
Represents a system-detected health monitoring alert associated with common Microsoft Entra authentication and access management scenarios. Anomaly detection catches unusual patterns in health metrics data streams, for example, unusually high MFA sign-in failures, and surfaces these patterns in the form of alerts in Microsoft Entra Health monitoring.
This resource supports subscribing to change notifications.
Inherits from microsoft.graph.entity.
| Method | Return type | Description |
|---|---|---|
| List | microsoft.graph.healthMonitoring.alert collection | Get a list of the microsoft.graph.healthMonitoring.alert objects and their properties. |
| Get | microsoft.graph.healthMonitoring.alert | Read the properties and relationships of a microsoft.graph.healthMonitoring.alert object. |
| Update | microsoft.graph.healthMonitoring.alert | Update the properties of a microsoft.graph.healthMonitoring.alert object. |
| Property | Type | Description |
|---|---|---|
| alertType | microsoft.graph.healthMonitoring.alertType | Indicates which type of scenario an alert is associated with. The possible values are: unknown, mfaSignInFailure, managedDeviceSignInFailure, compliantDeviceSignInFailure, unknownFutureValue, conditionalAccessBlockedSignIn, samlSignInFailure. Use the Prefer: include-unknown-enum-members request header to get the following value or values in this evolvable enum: conditionalAccessBlockedSignIn, samlSignInFailure. Supports $filter (eq). |
| category | microsoft.graph.healthMonitoring.category | The classification that groups the scenario. The possible values are: unknown, authentication, unknownFutureValue. |
| createdDateTime | DateTimeOffset | The time when Microsoft Entra Health monitoring generated the alert. Supports $orderby. |
| documentation | microsoft.graph.healthMonitoring.documentation | A key-value pair that contains the name of and link to the documentation to aid in investigation of the alert. |
| enrichment | microsoft.graph.healthMonitoring.enrichment | Investigative information on the alert. This information typically includes counts of impacted objects, which include directory objects such as users, groups, and devices, and a pointer to supporting data. |
| id | String | The unique GUID identifier of this alert in the associated tenant. Inherited from microsoft.graph.entity. |
| scenario | microsoft.graph.healthMonitoring.scenario | The area being monitored on the system that is emitting the source signals. The possible values are: unknown, mfa, devices, unknownFutureValue, conditionalAccess, saml. Use the Prefer: include-unknown-enum-members request header to get the following value or values in this evolvable enum: conditionalAccess, saml. |
| signals | microsoft.graph.healthMonitoring.signals | The collection of signals that were used in the generation of the alert. These signals are sourced from serviceActivity APIs and are added to the alert as key-value pairs. |
| state | microsoft.graph.healthMonitoring.alertState | The current lifecycle state of the alert. The possible values are: active, resolved, unknownFutureValue. |
None.
The following JSON representation shows the resource type.
{
"@odata.type": "#microsoft.graph.healthMonitoring.alert",
"id": "String (identifier)",
"alertType": "String",
"scenario": "String",
"category": "String",
"createdDateTime": "String (timestamp)",
"state": "String",
"enrichment": {
"@odata.type": "microsoft.graph.healthMonitoring.enrichment"
},
"signals": {
"@odata.type": "microsoft.graph.healthMonitoring.signals"
},
"documentation": {
"@odata.type": "microsoft.graph.healthMonitoring.documentation"
}
}