Skip to content
Build connected security experiences. Starting point to share code, libraries, notebooks, workbooks, and queries for connected experiences
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore Added RiskyUsers to the V3 sample May 3, 2019

Get Started as Microsoft Security Developer

Welcome to the Microsoft Security Dev repository! This repository is a landing page to learn about Microsoft security APIs, services and communities. This will enable application developers to build security applications catering to different requirements. Furthermore, this repo is a starting point to share code, libraries, notebooks, workbooks, and queries for building connected experiences.

Read the blogpost for more details.

Feedback / Questions / Bugs to report? File issues

In this repository

Getting Started

Read the Developers Guide to Building Connected Security Solutions.
The Developers Guide to Building Connected Security Solutions offers a primer for those who want to build apps, workflows, and analytics that integrate with Microsoft security solutions. In addition to introducing to the Microsoft APIs, services, and communities available to developers, the guide offers detailed guidance on when and how to use each – what technology and integration option best aligns with your desired scenario and application type.

Discover APIs and Services



   SDK    Azure Sentinel Data Connector/ Dashboard Logic Apps / Flow / PowerApps Connector PowerShell Module Power BI Connector Azure / Jupyter Notebooks
Microsoft Graph Security API
unified alerts for all Microsoft security services, threat indicators, actions, and secure score
Azure Security Center
security posture assessment and threat protection
Azure Active Directory Identity Protection
AAD users, groups, risky users, and risky sign-ins
Azure Sentinel / Azure Log Analytics
events and logs
Microsoft Defender Advanced Threat Protection
networks, devices, files and device users, threat indicators and advanced hunting APIs
Microsoft Cloud App Security
user activities, policy reports across cloud services
Microsoft Information Protection
data classification, labeling, and protection
Office 365 Management
user, admin, system, and policy actions and events across M365 services

Other security communities


This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit

When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact with any additional questions or comments.


This repository is licensed with the MIT license.

You can’t perform that action at this time.