Ideas to get started:

Here are a few ideas to get your creativity flowing! Also, check out this example from Demisto.


Correlate security alerts from multiple sources

By connecting and enriching alerts from multiple providers, you can decide which alerts to focus on first (several alerts tied to a single user may indicate that the user has been compromised), and you can more quickly assess the scope and impact of an attack (retrieve all alerts related to a specific user, device or IP address).
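As an added example (not code from this page or from Microsoft), the correlation described above can be done offline over alert records shaped like the Microsoft Graph Security API v1.0 alert resource (userStates, hostStates, vendorInformation, severity). The sample alerts, user, host and IP values and the assignee address are constructed for illustration; only the field names follow the documented resource.

```python
"""Correlate Graph Security API alerts by user, host and IP and rank what to look at first.

Added example; the alerts below are constructed and follow the shape of the
v1.0 /security/alerts resource. Nothing here calls the network.
"""
from collections import defaultdict

SEVERITY_WEIGHT = {"high": 3, "medium": 2, "low": 1, "informational": 0}

# Constructed sample alerts (not real data): two providers report on the same user,
# and one logon IP also shows up as a scanned server's public address.
SAMPLE_ALERTS = [
    {"id": "alert-1", "title": "Suspicious sign-in", "severity": "medium",
     "vendorInformation": {"provider": "IPC", "vendor": "Microsoft"},
     "userStates": [{"userPrincipalName": "alice@contoso.example", "logonIp": "203.0.113.10"}],
     "hostStates": []},
    {"id": "alert-2", "title": "Malware detected", "severity": "high",
     "vendorInformation": {"provider": "Windows Defender ATP", "vendor": "Microsoft"},
     "userStates": [{"userPrincipalName": "Alice@contoso.example"}],
     "hostStates": [{"fqdn": "wks-01.contoso.example", "privateIpAddress": "10.0.0.5"}]},
    {"id": "alert-3", "title": "Port scan", "severity": "low",
     "vendorInformation": {"provider": "Azure Security Center", "vendor": "Microsoft"},
     "userStates": [],
     "hostStates": [{"fqdn": "srv-02.contoso.example", "publicIpAddress": "203.0.113.10"}]},
]


def entity_keys(alert):
    """Return the set of (kind, value) entity keys an alert touches.
    Users and hosts are lower-cased so providers that differ in casing still join."""
    keys = set()
    for u in alert.get("userStates") or []:
        if u.get("userPrincipalName"):
            keys.add(("user", u["userPrincipalName"].lower()))
        if u.get("logonIp"):
            keys.add(("ip", u["logonIp"]))
    for h in alert.get("hostStates") or []:
        if h.get("fqdn"):
            keys.add(("host", h["fqdn"].lower()))
        for field in ("privateIpAddress", "publicIpAddress"):
            if h.get(field):
                keys.add(("ip", h[field]))
    return keys


def correlate(alerts):
    """Map each entity key to the alert ids that mention it (insertion order kept)."""
    index = defaultdict(list)
    for alert in alerts:
        for key in entity_keys(alert):
            index[key].append(alert["id"])
    return dict(index)


def prioritize(alerts):
    """Rank entities by summed severity weight, then by how many distinct providers
    reported on them: an entity seen by several providers is the first to triage."""
    by_id = {a["id"]: a for a in alerts}
    ranked = []
    for key, ids in correlate(alerts).items():
        score = sum(SEVERITY_WEIGHT.get(by_id[i]["severity"].lower(), 0) for i in ids)
        providers = {by_id[i]["vendorInformation"]["provider"] for i in ids}
        ranked.append({"entity": key, "alerts": sorted(ids),
                       "score": score, "providers": len(providers)})
    ranked.sort(key=lambda r: (r["score"], r["providers"], len(r["alerts"])), reverse=True)
    return ranked


def scope_of(alerts, kind, value):
    """All alert ids tied to one user, host or IP: the scope-and-impact lookup."""
    lookup = value if kind == "ip" else value.lower()
    return correlate(alerts).get((kind, lookup), [])


def assignment_patch(alert, assignee):
    """Body for PATCH /security/alerts/{id} when handing an alert to an analyst.
    The v1.0 update requires vendorInformation so the owning provider gets the change."""
    return {"assignedTo": assignee, "status": "inProgress",
            "vendorInformation": alert["vendorInformation"]}


if __name__ == "__main__":
    for row in prioritize(SAMPLE_ALERTS):
        print(row)
    print(assignment_patch(SAMPLE_ALERTS[1], "soc@contoso.example"))  # assignee is assumed
```

In a real integration the alert list would come from GET /security/alerts (paged) instead of SAMPLE_ALERTS; the index and ranking logic stay the same.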

Proactively manage security risk

Use Microsoft Secure Score to help customers proactively manage security risk. Gain visibility into an organization’s security posture and guidance on how to improve it.

Tap into other Microsoft Graph services to enrich your security scenarios:

Get context to inform security operations

Integrate insights about users, groups, devices and apps from other parts of the Microsoft Graph. A user in an executive role or with access to sensitive data may be seen as a high-value target by attackers. Get additional context on a compromised user's interactions with other people and documents.

Take action in response to threats

Send emails notifying a security investigation team of high-severity alerts as they arrive. Assign alerts for investigation as they arrive using Planner integration, and update the alerts with these assignments.

Share reports with security posture trends

Enable a weekly trend report for review of the organization’s secure score to measure improvements made and plan new improvements.

Much, much more

Check out the complete list of Microsoft Graph entities below and feel free to leverage non-Microsoft products or APIs as well to enrich your scenarios.