Develop Reference

Get all TI Indicators returns an empty list

I am trying to collect all active TIs via the Beta Graph API by following this. But it doesn't return anything. Here is what I use in Postman:
https://graph.microsoft.com/beta/security/tiIndicators
Response (200):
{
"#odata.context": "https://graph.microsoft.com/beta/$metadata#security/tiIndicators",
"value": []
}
A bit of context for the environment I work in.
The tenant has multiple Sentinel workspaces & resource groups.
The application I use has the correct permissions:
ThreatIndicators.Read.All
ThreatIndicators.ReadWrite.OwnedBy
ThreatSubmission.Read.All
ThreatSubmission.ReadWrite.All
It is my current belief that this might be due to the limitations of the Beta API. My reasoning is that accourding to this documentation you need the ThreatIndicators.ReadWrite.OwnedBy permission to access the API. This would suggest that currently you can only view TI's that the resource itself created.
If more info is needed just ask.

According to the documentation, ThreatIndicators.ReadWrite.OwnedBy permission allow you to manage threat indicators your app creates or owns.
If you want to read all the threat indicators for your organization then your app needs ThreatIndicators.Read.All permission.

Although this is not a solution to the question it is a workaround. By using the Log Analytics API you can get the TI via a KQL.
ThreatIntelligenceIndicator
| where ExpirationDateTime > now() and
NetworkIP matches regex #"^(?:(?:25[0-5]|(?:2[0-4]|1\d|[1-9]|)\d)\.?\b){4}$" and
ConfidenceScore > 25
| summarize by NetworkIP
This is probably better as you can also use a watchlist to exclude specific IP addresses with one request.
One thing I struggled with this was Authorization. You must give your Application permission to use the api.loganalytics.io API, and the application needs the Log Analytics Reader role in the Log Analytic workspace you want to use.

How to start using Delta function in Microsoft graph by skipping initial data

Microsoft recommends to use delta function in combination with Subscriptions/Notifications to synchronize mailbox. So my plan is:
Create subscription
Receive notification about new mail in inbox
Use delta function to get latest changes in the inbox
My mailbox already has several thousands of letters. If I run the query
https://graph.microsoft.com/v1.0/users/{id}/mailFolders/inbox/messages/delta
It will return in response #odata.nextLink with $skiptoken param many times and only after I get all the thousands of emails in my mailbox I will receive response with $deltatoken to track new changes.
Is there a way to get deltatoken after the first request? I don't want to synchronize the old messages. I want to skip all old messages in inbox and have a fresh start.

Today the delta query functionality does not support this scenario. To request new features please post ideas to uservoice

This is supported for some endpoints. You can use $deltaToken=latest to get just a deltaToken without any resource data. It's not, as far as I can tell, available for mailboxes… but who knows, maybe it will be soon.
This is not documented anywhere in the documentation for the specific APIs that do support it, but is instead documented in the Overview for change tracking. Why? Because Microsoft wants you to be sad all the time.

Returning employeeId of a user through MS Graph API

I've been trying to return the employeeId of a user through the Microsoft Graph API but so far haven't had much luck.
I'm assuming this is probably because it doesn't exist in the metadata for the user in the Graph API so makes sense.
However, the property is populated in Azure AD. If I use the AZ command prompt to query the user I can see the property. Likewise, if I query the old Active Directory Graph API endpoint I can even see it there.
For example, querying
https://graph.windows.net/{tennant}/users/{upn}?api-version=1.6 directly I receive the employeeId as part of the response (using the ActiveDirectoryClient however seems to ignore this property and doesn't store it anywhere).
Is there any reason for this? Wouldn't it make sense to have it returned as an additional property? I've also looked into extensions, but as it's not an extension isn't returned there.
Any help would be appreciated. I can get the information I need by querying the old endpoint directly, but this seems like a complete backwards step and involves multiple queries to get the information I need - including having to use multiple end points (one of which I assume will be deprecated and removed soon).

EmployeeId is currently a beta feature and is only available in the beta endpoint of the Graph API.
So if you want to access the beta endpoint you just have to change the version to beta in your url. For example:
https://graph.microsoft.com/beta/me/
https://graph.microsoft.com/beta/users/{id|upn}/
https://graph.windows.net/{tennant}/users/{id|upn}?api-version=beta
For more information about the user-object in the beta endpoint see: https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/resources/user

Microsoft Graph Missing Sites

I'm trying to fetch all the sites under our tenant and some are missings. We recently created a new site (not subsite) and we cannot found it when searching with Microsoft Graph.
Here's the request url that we are using:
https://graph.microsoft.com/v1.0/sites/?search=*
I also tried to use this url from beta docs but it's not working either:
https://graph.microsoft.com/beta/sites?filter=root%20ne%20null&select=siteCollection,webUrl
Though, I can found it with the get by path url:
https://graph.microsoft.com/v1.0/sites/{hostname}:/{site-path}
Does the site need to have a specific setting to appear in the result when searching?
I want to be able to list all the sharepoint sites that exists.

Based on my latest test, the following url not handle same data so different results(Attetion to my code comment):
//just return the team site(subsite of teams/sites)
https://graph.microsoft.com/v1.0/sites/{hostname}:/{site-path}
//Will return the tenant site collection
https://graph.microsoft.com/beta/sites/root?select=siteCollection,webUrl&filter=root%20ne%20null
To get the modern team sites for the groups, we need to use groups end point from Microsoft Graph. No API to list all the modern team sites directly, we can loop through the groups and then get the site URL with this API: https://graph.microsoft.com/v1.0/groups/<group-id>/drive/root/webUrl.
Please check if the site in your case with issue is a modern team sites?
Some reference from 3rd blog:
https://www.eliostruyf.com/get-the-site-url-of-an-office-365-group-via-the-microsoft-graph/

Bitbucket search repo API

I've been trying to find an API to query repositories on BitBucket based on language they're written in. Few years ago I've been using
https://bitbucket.org/repo/all/relevance?language=X
But right now the link is dead.
There is a new API under
https://bitbucket.org/api/2.0/repositories
But theres no documentation on any query parameters.
Is there any way to browse public repos?

No, at this moment there is no way to browse repositories on Bitbucket without using the search function. There is a proposal to add such a feature, expressed in issue #2934, which you might want to vote/watch.
On the API side, you can browse all public repositories using the endpoint https://bitbucket.org/api/2.0/repositories/, but you can't search and/or filter results.

Not sure when the API changed, but you can now do this by using the following syntax
https://api.bitbucket.org/2.0/repositories/USER_NAME?q=language=%22LANGUAGE%22
%22 is the decoded version of "
For a bit more information on filtering the request, refer to:
https://developer.atlassian.com/bitbucket/api/2/reference/meta/filtering#supp-endpoints
You can click on this link for a working example:
https://api.bitbucket.org/2.0/repositories/craigiswayne?q=language=%22shell%22
Should only bring back my public repositories that are set with shell language