Merge pull request #104357 from davidmu1/reportsmonitoring1

Graph scrub on reports monitoring

Author: Jak-MS

articles/active-directory/reports-monitoring/concept-reporting-api.md

@@ -47,13 +47,10 @@ For detailed instructions, see the [prerequisites to access the Azure Active Dir
 The Microsoft Graph API endpoint for audit logs is `https://graph.microsoft.com/beta/auditLogs/directoryAudits` and the Microsoft Graph API endpoint for sign-ins is `https://graph.microsoft.com/beta/auditLogs/signIns`. For more information, see the [audit API reference](https://developer.microsoft.com/graph/docs/api-reference/beta/resources/directoryaudit) and [sign-in API reference](https://developer.microsoft.com/graph/docs/api-reference/beta/resources/signIn).
 
 In addition, you can use the [Identity Protection risk detections API](https://developer.microsoft.com/graph/docs/api-reference/beta/resources/identityriskevent) to gain programmatic access to security detections using Microsoft Graph. For more information, see [Get started with Azure Active Directory Identity Protection and Microsoft Graph](../identity-protection/graph-get-started.md). 
-
-> [!NOTE]
->  The **https:\/\/graph.windows.net\/\<tenant-name\>\/reports\/** endpoint is deprecated. Use the new API endpoints described above to programmatically access the activity and security reports.
 
-## APIs with Graph Explorer
+## APIs with Microsoft Graph Explorer
 
-You can use the [MSGraph explorer](https://developer.microsoft.com/graph/graph-explorer) to verify your sign-in and audit API data. Make sure to sign in to your account using both of the sign-in buttons in the Graph Explorer UI, and set **AuditLog.Read.All** and **Directory.Read.All** permissions for your tenant as shown.   
+You can use the [Microsoft Graph explorer](https://developer.microsoft.com/graph/graph-explorer) to verify your sign-in and audit API data. Make sure to sign in to your account using both of the sign-in buttons in the Graph Explorer UI, and set **AuditLog.Read.All** and **Directory.Read.All** permissions for your tenant as shown.   
 
 ![Graph Explorer](./media/concept-reporting-api/graph-explorer.png)
 

articles/active-directory/reports-monitoring/howto-configure-prerequisites-for-reporting-api.md

@@ -22,7 +22,7 @@ ms.collection: M365-identity-device-management
 ---
 # Prerequisites to access the Azure Active Directory reporting API
 
-The [Azure Active Directory (Azure AD) reporting APIs](https://msdn.microsoft.com/library/azure/ad/graph/howto/azure-ad-reports-and-events-preview) provide you with programmatic access to the data through a set of REST-based APIs. You can call these APIs from of programming languages and tools.
+The [Azure Active Directory (Azure AD) reporting APIs](https://docs.microsoft.com/azure/active-directory/reports-monitoring/concept-reporting-api) provide you with programmatic access to the data through a set of REST-based APIs. You can call these APIs from of programming languages and tools.
 
 The reporting API uses [OAuth](https://docs.microsoft.com/azure/api-management/api-management-howto-protect-backend-with-aad) to authorize access to the web APIs.
 
@@ -187,7 +187,6 @@ You need these values when configuring calls to the reporting API.
 
 This section lists the common error messages you may run into while accessing activity reports using the Microsoft Graph API and steps for their resolution.
 
-
 ### Error: Failed to get user roles from Microsoft Graph
 
  Sign into your account using both sign-in buttons in the Graph Explorer UI to avoid getting an error when trying to sign in using Graph Explorer. 
@@ -200,7 +199,6 @@ If you run into this error message while trying to access sign-ins using Graph E
 
 ![Modify permissions UI](./media/troubleshoot-graph-api/modify-permissions.png)
 
-
 ### Error: Tenant is not B2C or tenant doesn't have premium license
 
 Accessing sign-in reports requires an Azure Active Directory premium 1 (P1) license. If you see this error message while accessing sign-ins, make sure that your tenant is licensed with an Azure AD P1 license.
@@ -211,7 +209,7 @@ Accessing sign-in reports requires an Azure Active Directory premium 1 (P1) lice
 
 ### Error: Application missing AAD 'Read directory data' permission 
 
-### Error: Application missing Microsoft API 'Read all audit log data' permission
+### Error: Application missing Microsoft Graph API 'Read all audit log data' permission
 
 Follow the steps in the [Prerequisites to access the Azure Active Directory reporting API](howto-configure-prerequisites-for-reporting-api.md) to ensure your application is running with the right set of permissions. 
 

articles/active-directory/reports-monitoring/reports-faq.md

@@ -1,6 +1,6 @@
 ---
 title: Azure Active Directory Reports FAQ | Microsoft Docs
-description: Frequently asked quesitons around Azure Active Directory reports.
+description: Frequently asked questions around Azure Active Directory reports.
 services: active-directory
 documentationcenter: ''
 author: cawrites
@@ -34,7 +34,7 @@ This article includes answers to frequently asked questions about Azure Active D
 
 **Q: I currently use the `https://graph.windows.net/<tenant-name>/reports/` endpoint APIs to pull Azure AD security reports (specific types of detections, such as leaked credentials or sign-ins from anonymous IP addresses) into our reporting systems programmatically. What should I switch to?**
 
-**A:** You can use the [Identity Protection risk detections API](../identity-protection/graph-get-started.md) to access security detections through Microsoft Graph. This new format gives greater flexibility in how you can query data, with advanced filtering, field selection, and more, and standardizes risk detections into one type for easier integration into SIEMs and other data collection tools. Because the data is in a different format, you can't substitute a new query for your old queries. However, [the new API uses Microsoft Graph](https://developer.microsoft.com/graph/docs/api-reference/beta/resources/identityriskevent), which is the Microsoft standard for such APIs as O365 or Azure AD. So the work required can either extend your current MS Graph investments or help you begin your transition to this new standard platform.
+**A:** You can use the [Identity Protection risk detections API](../identity-protection/graph-get-started.md) to access security detections through Microsoft Graph. This new format gives greater flexibility in how you can query data, with advanced filtering, field selection, and more, and standardizes risk detections into one type for easier integration into SIEMs and other data collection tools. Because the data is in a different format, you can't substitute a new query for your old queries. However, [the new API uses Microsoft Graph](https://developer.microsoft.com/graph/docs/api-reference/beta/resources/identityriskevent), which is the Microsoft standard for such APIs as O365 or Azure AD. So the work required can either extend your current Microsoft Graph investments or help you begin your transition to this new standard platform.
 
 ---
 

articles/active-directory/reports-monitoring/troubleshoot-graph-api.md

@@ -24,25 +24,12 @@ ms.collection: M365-identity-device-management
 
 # Troubleshoot errors in Azure Active Directory reporting API
 
-This article lists the common error messages you may run into while accessing activity reports using the MS Graph API and steps for their resolution.
+This article lists the common error messages you may run into while accessing activity reports using the Microsoft Graph API and steps for their resolution.
 
 ### 500 HTTP internal server error while accessing Microsoft Graph V2 endpoint
 
 We do not currently support the Microsoft Graph v2 endpoint - make sure to access the activity logs using the Microsoft Graph v1 endpoint.
 
-### Error: Failed to get user roles from AD Graph
-
-You may get this error message when trying to access sign-ins using Graph Explorer. Make sure you are signed in to your account using both of the sign-in buttons in the Graph Explorer UI, as shown in the following image. 
-
-![Graph Explorer](./media/troubleshoot-graph-api/graph-explorer.png)
-
-### Error: Failed to do premium license check from AD Graph 
-
-If you run into this error message while trying to access sign-ins using Graph Explorer, choose **Modify Permissions** underneath your account on the left nav, and select **Tasks.ReadWrite** and **Directory.Read.All**. 
-
-![Modify permissions UI](./media/troubleshoot-graph-api/modify-permissions.png)
-
-
 ### Error: Neither tenant is B2C or tenant doesn't have premium license
 
 Accessing sign-in reports requires an Azure Active Directory premium 1 (P1) license. If you see this error message while accessing sign-ins, make sure that your tenant is licensed with an Azure AD P1 license.
@@ -55,7 +42,7 @@ If you see this error message while trying to access audit logs or sign-ins usin
 
 Please follow the steps in the [Prerequisites to access the Azure Active Directory reporting API](howto-configure-prerequisites-for-reporting-api.md) to ensure your application is running with the right set of permissions. 
 
-### Error: Application missing MSGraph API 'Read all audit log data' permission
+### Error: Application missing Microsoft Graph API 'Read all audit log data' permission
 
 Please follow the steps in the [Prerequisites to access the Azure Active Directory reporting API](howto-configure-prerequisites-for-reporting-api.md) to ensure your application is running with the right set of permissions.