microsoftgraph / microsoft-graph-explorer-v4

React/Redux version of Graph Explorer used to learn the Microsoft Graph API
https://developer.microsoft.com/graph/graph-explorer
MIT License
202 stars 84 forks

"signInActivity" attribute causes get users delta request to return an error #3189

Closed nirm-silverfort closed 2 weeks ago

nirm-silverfort commented 3 weeks ago

I'm connected to my Azure tenant and I have an Azure Active Directory Premium P1 license. I'm using the explorer to query the following:

https://graph.microsoft.com/v1.0/users/delta?$select=id,signInActivity

I want to get all kinds of user attributes and I recently tried to add the signInActivity attribute to get sign-in related data.

Expected: query should be successful with all the requested data (this is based on the docs).

Actual: query response returns the following error:

{
    "error": {
        "code": "BadRequest",
        "message": "Invalid request for delta query: for this entity set, $expand/$select is not supported for the following properties: signInActivity",
        "innerError": {
            "date": "2024-06-11T10:31:27",
            "request-id": "eac0ce13-66ac-4e58-a71d-dcd06f3e8b33",
            "client-request-id": "f246ff61-2360-5d21-a799-cfe24e22d20f"
        }
    }
}

As far as I know, all the relevant prerequisites are fulfilled, as mentioned in https://learn.microsoft.com/en-us/graph/api/resources/user?view=graph-rest-1.0 under the signInActivity attribute.

  1. I have a P1 license.
  2. AuditLog.Read.All permission is enabled, can be seen here: [image]
  3. My account was created recently, therefore all the users were created around Feb 2024.
  4. All the query's permissions (calculated automatically by the explorer) are given, can be seen here: [image]

How to reproduce: Just run the query in the explorer.

My thoughts: Maybe it is related to the fact that in the docs the AuditLog.Read.All is needed, but in the query's permission we can see that it is not even mentioned.

Thanks

nirm-silverfort commented 3 weeks ago

Hi, just managed to get the data for a single user request, e.g.

https://graph.microsoft.com/v1.0/users/0ad2fb25-a8b6-4ed3-8a36-ebb6a4efa5e6?$select=id,userPrincipalName,signInSessionsValidFromDateTime,signInActivity

Is it by design? If the answer is yes, I think you should emphasize the fact that the signInActivity attribute is relevant for a single user request (by id) and not for all users or the delta API. And I would like to ask to add that data as a feature request.

If the answer is no, then there is a bug.
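
The thread reports that the delta query rejects `signInActivity` in `$select` while a request for a single user by id returns it. The following is an added example, not part of the original thread or of Graph Explorer: it parses the error body quoted above and plans one delta request without the rejected fields plus per-user follow-ups. The function names, the constructed user id, and the comma-separated form of a multi-property error message are assumptions.

```python
import json
from urllib.parse import quote

GRAPH = "https://graph.microsoft.com/v1.0"
MARKER = "is not supported for the following properties:"

# Constructed sample: the error body from the thread, request ids omitted.
SAMPLE_ERROR = json.dumps({"error": {"code": "BadRequest", "message": (
    "Invalid request for delta query: for this entity set, $expand/$select "
    "is not supported for the following properties: signInActivity")}})


def unsupported_delta_properties(error_body):
    """Return the property names a delta BadRequest refuses to select."""
    try:
        err = json.loads(error_body)["error"]
        code, message = err["code"], err["message"]
    except (ValueError, KeyError, TypeError):
        return []  # not a Graph error body: nothing to split
    if code != "BadRequest" or not isinstance(message, str) or MARKER not in message:
        return []
    # Assumption: several rejected properties would be comma-separated.
    tail = message.split(MARKER, 1)[1]
    return [p.strip() for p in tail.split(",") if p.strip()]


def plan_requests(select, error_body, user_ids):
    """Build one delta URL without the rejected fields, plus per-user URLs."""
    rejected = {p.lower() for p in unsupported_delta_properties(error_body)}
    delta = [f for f in select if f.lower() not in rejected]
    per_user = [f for f in select if f.lower() in rejected]
    if "id" not in delta:
        delta.insert(0, "id")  # ids are needed to address the follow-ups
    urls = [f"{GRAPH}/users/delta?$select={','.join(delta)}"]
    if per_user:
        fields = ",".join(["id"] + per_user)
        urls += [f"{GRAPH}/users/{quote(uid, safe='')}?$select={fields}"
                 for uid in user_ids]
    return urls


if __name__ == "__main__":
    # Constructed user id, standing in for ids returned by the delta query.
    for url in plan_requests(["id", "signInActivity"], SAMPLE_ERROR,
                             ["00000000-0000-0000-0000-000000000001"]):
        print(url)
```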