Hi @Longfei Chen , I suppose that the error you are getting is caused by the API not being able to locate the table to are trying to query out. Advanced Hunting API currently only supports a subset of tables available in the Microsoft 365 security center and that could be the case with the IdentityInfo table.
Advanced Hunting API cannot query IndetityInfo table
Longfei Chen
5
Reputation points Microsoft Employee
In Postman, I send POST request to https://api.securitycenter.microsoft.com/api/advancedqueries/run and the payload is as below:
{
"Query":"IdentityInfo"
}
I got 400 Bad Request
and response is as below:
{
"error": {
"code": "BadRequest",
"message": "'table' operator: Failed to resolve table expression named 'IdentityInfo'. Fix semantic errors in your query.",
"target": "|16f0c184-457c5de8428dcfb0."
}
}
However, I can get the IdentityInfo
in https://security.microsoft.com/v2/advanced-hunting?tid=15c918e9-0017-4cbb-8215-80dbc9dfc876
Is there some error in my Azure AD API permission configuration?
1 answer
Sort by: Most helpful
-
Fiona Matu 86 Reputation points Microsoft Employee
2024-01-30T15:14:58.8866667+00:00