| title | Update secureScoreControlProfile |
|---|---|
| description | Update an editable secureScoreControlProfile object within any integrated solution to change various properties, such as assignedTo or tenantNote. |
| author | preetikr |
| ms.localizationpriority | medium |
| ms.subservice | security |
| doc_type | apiPageType |
| ms.date | 03/06/2024 |
Namespace: microsoft.graph
Update an editable secureScoreControlProfile object within any integrated solution to change various properties, such as assignedTo or tenantNote.
[!INCLUDE national-cloud-support]
Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
[!INCLUDE permissions-table]
PATCH /security/secureScoreControlProfiles/{id}| Name | Description |
|---|---|
| Authorization | Bearer {code}. Required. |
| Prefer | return=representation. |
In the request body, supply a JSON representation of the values for relevant fields that should be updated. The body must contain the vendorInformation property with valid provider and vendor fields. The following table lists the fields that can be updated for a secureScoreControlProfile. The values for existing properties that are not included in the request body will not change. For best performance, don't include existing values that haven't changed.
| Property | Type | Description |
|---|---|---|
| assignedTo | String | Name of the analyst the control is assigned to for triage, implementation, or remediation. |
| comment | String | Analyst comments on the control (for customer control management). |
| state | String | Analyst driven setting on the control. Possible values are: Default, Ignored, ThirdParty, Reviewed. |
| vendorInformation | securityVendorInformation | Complex type containing details about the security product/service vendor, provider, and subprovider (for example, vendor=Microsoft; provider=SecureScore;). Provider and vendor fields are required. |
If successful, this method returns a 204 No Content response code.
If the optional request header is used, the method returns a 200 OK response code and the updated secureScoreControlProfiles object in the response body.
The following example shows a request.
PATCH https://graph.microsoft.com/v1.0/security/secureScoreControlProfiles/NonOwnerAccess
Content-type: application/json
{
"assignedTo": "",
"comment": "control is reviewed",
"state": "Reviewed",
"vendorInformation": {
"provider": "SecureScore",
"providerVersion": null,
"subProvider": null,
"vendor": "Microsoft"
}
}[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
The following is an example of a successful response.
HTTP/1.1 204 No ContentThe following example shows a request that includes the Prefer request header.
PATCH https://graph.microsoft.com/v1.0/security/secureScoreControlProfiles/NonOwnerAccess
Content-type: application/json
{
"assignedTo": "",
"comment": "control is reviewed",
"state": "Reviewed",
"vendorInformation": {
"provider": "SecureScore",
"providerVersion": null,
"subProvider": null,
"vendor": "Microsoft"
}
}[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
The following is an example of the response when the optional Prefer: return=representation request header is used.
Note: The response object shown here might be shortened for readability.
HTTP/1.1 200 OK
Content-type: application/json
{
"id": "NonOwnerAccess",
"azureTenantId": "00000001-0001-0001-0001-000000000001c",
"actionType": "Review",
"actionUrl": "https://outlook.office365.com/NonOwnerAccessReport.aspx",
"controlCategory": "Data",
"title": "Review mailbox access by non-owners bi-weekly",
"deprecated": false,
"implementationCost": "Low",
"lastModifiedDateTime": null,
"maxScore": 5.0,
"rank": 25,
"remediation": "Once you have opened the search tool, specify a date range and select access by <b>All non-owners</b> or <b>External users</b>",
"remediationImpact": "This change will have no effect on your users",
"service": "EXO",
"threats": [
"Account Breach",
"Data Exfiltration",
"Malicious Insider"
],
"tier": "Core",
"userImpact": "Low",
"complianceInformation": [
{
"certificationName": "FedRAMP_Moderate",
"certificationControls": [
{
"name": "AC-6(9)",
"url": "",
}
]
}
],
"controlStateUpdates": [
{
"assignedTo": "",
"comment": "control is reviewed",
"state": "Reviewed",
"updatedBy": "user1@contoso.com",
"updatedDateTime": "2019-03-19T22:37:14.628799Z"
}
],
"vendorInformation": {
"provider": "SecureScore",
"providerVersion": null,
"subProvider": null,
"vendor": "Microsoft"
}
}