Microsoft Graph Security API

See all products by this partner 

The Microsoft Graph Security API federates requests to all providers in the Microsoft Graph Security ecosystem. This is based on the security provider consent provided by the application, as shown in the following diagram. The consent workflow only applies to non-Microsoft providers.

Request Information


  • down-arrow Citrix Analytics
    Citrix Analytics for Security
  • down-arrow Citrix Workspace
    Citrix Workspace

Product Details

You can use the Microsoft Graph Security API to connect Microsoft security products, services, and partners to streamline security operations and improve threat protection, detection, and response capabilities. The Microsoft Graph Security API is an intermediary service (or broker) that provides a single programmatic interface to connect multiple Microsoft Graph Security providers (also called security providers or providers). Requests to the Microsoft Graph Security API are federated to all applicable security providers.

  • The application user signs in to the provider application to view the consent form from the provider. This consent form experience or UI is owned by the provider and applies to non-Microsoft providers only to get explicit consent from their customers to send requests to Microsoft Graph Security API.
  • The client consent is stored on the provider side.
  • The provider consent service calls the Microsoft Graph Security API to inform consent approval for the respective customer.
  • The application sends a request to the Microsoft Graph Security API.
  • The Microsoft Graph Security API checks for the consent information for this customer mapped to various providers.
  • The Microsoft Graph Security API calls all those providers the customer has given explicit consent to via the provider consent experience.
  • The response is returned from all the consented providers for that client.
  • The result set response is returned to the application.
  • If the customer has not consented to any provider, no results from those providers are included in the response.