If you find a security issue (e.g. credentials being logged, an endpoint leaking data), please do not open a public issue. Open a GitHub Security Advisory instead so it can be fixed before public disclosure.
Microsoft occasionally changes, deprecates, or moves Graph API endpoints. If a dashboard card stops working or shows a permission error, please open an issue using this format:
Title: [BROKEN API] <page name> — <endpoint>
Include:
- Which page/card is affected (e.g. "Identity page — Risk Detections card")
- The error shown on screen (e.g. "403 Forbidden" or "404 Not Found")
- Your approximate date when it broke
- Link to the Microsoft changelog entry if you found one
| Endpoint area | Stability | Notes |
|---|---|---|
| Risky users / sign-ins | ✅ Stable | v1.0, unchanged since 2021 |
| MFA registration details | ✅ Stable | v1.0 |
| Intune device compliance | ✅ Stable | v1.0 |
| Conditional Access policies | ✅ Stable | v1.0 |
Defender XDR alerts (alerts_v2) |
✅ Stable | v1.0, replaced alerts in 2022 |
| Defender XDR incidents | ✅ Stable | v1.0 |
| Service health | ✅ Stable | v1.0 |
| Audit logs / sign-ins | ✅ Stable | v1.0 |
| Attack simulation | v1.0 but feature-flagged by license | |
| Insider Risk (IRM) | Requires Microsoft Purview license | |
| Identity health issues | /beta/ endpoint — may change without notice |
|
| MCAS alerts | Merging into Defender XDR over time |
Subscribe to the official Microsoft Graph changelog to get notified of breaking changes:
🔗 https://developer.microsoft.com/en-us/graph/changelog
Each dashboard card fetches independently. If one Graph endpoint returns an error (403, 404, 429), that card shows an inline error message — all other pages and cards keep working. No single API change can break the whole dashboard.