Using the Entra ID Entity analytics, it has been useful to extend the default properties gathered such as department.
Going further it would be worthwhile to have the manager or directReports information to have instant access to a user's supervisor when handling security investigations.
It appears that we cannot simply add:
-manager or -directReports
The manager only returns the ID of the manager and not the full human readable information.
Using the Entra ID Entity analytics, it has been useful to extend the default properties gathered such as department.
Going further it would be worthwhile to have the manager or directReports information to have instant access to a user's supervisor when handling security investigations.
It appears that we cannot simply add: -manager or -directReports
The manager only returns the ID of the manager and not the full human readable information.
Here are the sample requests:https://learn.microsoft.com/en-us/graph/api/resources/user?view=graph-rest-1.0
And here are the types for those properties which are found in the docs above:
"directReports": [ { "@odata.type": "microsoft.graph.directoryObject" } ], "manager": { "@odata.type": "microsoft.graph.directoryObject" },
This is what I found returned in the data today when adding -manager:
Note: The ID is showing, not the full text and details of the manager.
Based on InTune data that also uses this information, I would expect to see the human readable Manager text like this:![image](https://github.com/elastic/integrations/assets/5582679/350d6d1d-aa4f-499e-9d95-3f0565969ad8)