Azure / azure-sdk-for-net

This repository is for active development of the Azure SDK for .NET. For consumers of the SDK we recommend visiting our public developer docs at https://learn.microsoft.com/dotnet/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-net.
MIT License

[BUG] System.UriFormatException when deserializing Microsoft.SecurityInsights/Entities of type Url #47282

Open vdakkerd opened 1 day ago

vdakkerd commented 1 day ago

Library name and version

Azure.ResourceManager.SecurityInsights 1.2.0-beta.1

Describe the bug

When deserializing a Sentinel Entity of the type Url which contains a URI that is not a valid URL, a System.UriFormatException occurs. Below is an example with redacted customer information which throws an exception:

{
  "id": "/subscriptions/<subscription id>/resourceGroups/<resource group name>/providers/Microsoft.OperationalInsights/workspaces/<workspace name>/providers/Microsoft.SecurityInsights/Entities/<entity id>",
  "name": "<entity id>",
  "type": "Microsoft.SecurityInsights/Entities",
  "kind": "Url",
  "properties": {
    "url": "test.domain.io",
    "additionalData": {
      "DetonationVerdict": "GOOD",
      "DetonationFinalUrl": "test.domain.io"
    },
    "friendlyName": "test.domain.io"
  }
}

The exception is thrown in the file SecurityInsightsIncidentResource.cs at line 870.

See the SecurityInsightsUriEntity.cs model on line 80, which defines properties.url as being of type Uri.

In this case it was a Sentinel Security Incident which was ingested using a data connector from Microsoft Defender XDR.

Expected behavior

The Sentinel Entity model is aligned with the Security Graph urlEvidence resource type model.

The Sentinel Entities are aligned with the Microsoft Defender XDR evidence types. In this case, the Sentinel Url Entity should have a string as the type of properties.url instead of a Url.

Actual behavior

A Microsoft Defender XDR security incident with a url evidence type which only contains the FQDN in the uri type is mapped to a Sentinel Url Entity with the same data, which causes an exception when an FQDN is deserialized to a Uri type.

Reproduction Steps

Use the snippet below to request the entities of a Sentinel Incident which contains an entity that doesn't have a valid url:

using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.SecurityInsights;

// Build the resource ID of the Sentinel-enabled Log Analytics workspace.
var workspaceResourceId = OperationalInsightsWorkspaceSecurityInsightsResource.CreateResourceIdentifier("<subscription id>", "<resource group name>", "<workspace name>");
var cred = new ClientSecretCredential("<entra id tenant id>", "<client id>", "<secret>");
var armClient = new ArmClient(cred);
var workspaceResource = armClient.GetOperationalInsightsWorkspaceSecurityInsightsResource(workspaceResourceId);
var incidentResource = await workspaceResource.GetSecurityInsightsIncidentAsync("<Sentinel incident id>", CancellationToken.None);
// Throws System.UriFormatException when an entity's properties.url is not a valid URI.
var entities = await incidentResource.Value.GetEntitiesResultAsync(CancellationToken.None);

Below is the full exception:

System.UriFormatException: Invalid URI: The format of the URI could not be determined.
   at System.Uri.CreateThis(String uri, Boolean dontEscape, UriKind uriKind, UriCreationOptions& creationOptions)
   at System.Uri..ctor(String uriString)
   at Azure.ResourceManager.SecurityInsights.Models.SecurityInsightsUriEntity.DeserializeSecurityInsightsUriEntity(JsonElement element, ModelReaderWriterOptions options)
   at Azure.ResourceManager.SecurityInsights.Models.SecurityInsightsEntity.DeserializeSecurityInsightsEntity(JsonElement element, ModelReaderWriterOptions options)
   at Azure.ResourceManager.SecurityInsights.Models.SecurityInsightsIncidentEntitiesResult.DeserializeSecurityInsightsIncidentEntitiesResult(JsonElement element, ModelReaderWriterOptions options)
   at Azure.ResourceManager.SecurityInsights.IncidentsRestOperations.ListEntitiesAsync(String subscriptionId, String resourceGroupName, String workspaceName, String incidentId, CancellationToken cancellationToken)
   at Azure.ResourceManager.SecurityInsights.SecurityInsightsIncidentResource.GetEntitiesResultAsync(CancellationToken cancellationToken)

Environment

.NET SDK:
 Version:           8.0.400
 Commit:            36fe6dda56
 Workload version:  8.0.400-manifests.74e8da0c
 MSBuild version:   17.11.3+0c8610977

Runtime Environment:
 OS Name:     Windows
 OS Version:  10.0.19045
 OS Platform: Windows
 RID:         win-x64
 Base Path:   C:\Program Files\dotnet\sdk\8.0.400\
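
A consumer-side way to read such an entity without the exception, as an added example that is not part of the original issue or the SDK's code. It assumes the raw entity JSON is available to the caller as a string; `UrlIndicator` and `UrlEntityReader` are hypothetical names, and the sample input is constructed from the redacted entity in the report.

```csharp
using System;
using System.Text.Json;

// Constructed sample input, based on the redacted entity in the report.
const string entityJson = """
{
  "kind": "Url",
  "properties": {
    "url": "test.domain.io",
    "friendlyName": "test.domain.io"
  }
}
""";

UrlIndicator indicator = UrlEntityReader.Read(entityJson);
Console.WriteLine($"raw={indicator.Raw} parsed={indicator.Parsed?.ToString() ?? "<none>"}");

// Hypothetical type: always keeps the raw indicator, plus a Uri when it parses.
public sealed record UrlIndicator(string Raw, Uri? Parsed);

public static class UrlEntityReader
{
    public static UrlIndicator Read(string json)
    {
        using JsonDocument doc = JsonDocument.Parse(json);
        JsonElement root = doc.RootElement;

        if (!root.TryGetProperty("kind", out JsonElement kind) ||
            kind.ValueKind != JsonValueKind.String || kind.GetString() != "Url")
            throw new ArgumentException("Not a Url entity.", nameof(json));

        if (!root.TryGetProperty("properties", out JsonElement props) ||
            !props.TryGetProperty("url", out JsonElement url) ||
            url.ValueKind != JsonValueKind.String)
            throw new ArgumentException("Url entity has no string properties.url.", nameof(json));

        string raw = url.GetString()!;

        // Uri.TryCreate returns false instead of throwing UriFormatException,
        // so a scheme-less FQDN such as "test.domain.io" leaves Parsed null
        // while the raw indicator is still preserved for triage.
        Uri? parsed = Uri.TryCreate(raw, UriKind.Absolute, out Uri? u) ? u : null;
        return new UrlIndicator(raw, parsed);
    }
}
```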

github-actions[bot] commented 1 day ago

Thank you for your feedback. Tagging and routing to the team member best able to assist.