Hi, got the problem: Get-SecurityAlert brings you all providers (including AIP “risky sign-ins”). Without registering apps, use Microsoft Graph PowerShell with delegation and filter only MDEs. Here, super-synthetic:
Open an InPrivate session.
Connect-MgGraph -Scopes "SecurityEvents.Read.All"
MDE only: Get-MgSecurityAlertV2 -All -Filter "serviceSource eq 'microsoftDefenderForEndpoint'"
(if you don't have V2: Get-MgSecurityAlert -All -Filter "vendorInformation/provider eq 'Microsoft Defender for Endpoint'")
To exclude risky sign-ins: add and serviceSource to 'azureAdIdentityProtection' (or, on v1, and category to 'Risky sign-in').
If it doesn't get them all, it's pagination: use -All (or -PageSize 1000) and, if necessary, repeat with Invoke-MgGraphRequest following the @odata.nextLink.
You can also narrow by date: ... and createdDateTime ge 2025-08-01T00:00:00Z.
This way, you only get Microsoft Defender for Endpoint alerts with delegated permissions and without having to register your own app.
About Get-SecurityAlert command
I am running the Get-SecurityAlert command to retrieve alerts from MDE,
but the problem is that the command is not retrieving all alerts.
It also retrieves risky sign-in alerts as well, which is not my requirement.
I want to retrieve the alerts of MDE only.
I searched everywhere but I could not find anything.
I am using delegated permission here.
My company wants me to do this without registering apps, as far as I can.
So, if anyone can help with this, it would be a great help.
Thank you in advance.
Microsoft Security | Microsoft Graph
1 additional answer
Vasil Michev 121K Reputation points MVP Volunteer Moderator
2025-08-08T06:41:56.7666667+00:00
I suppose you mean Get-MgSecurityAlert, correct? Keep in mind that this cmdlet is using the old/legacy alert experience, which is going to be deprecated next year. Instead, you should use the Get-MgSecurityAlertV2 cmdlet. And of course, make sure you have sufficient permissions, both on the Graph side and on MDE side.
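
The paging approach mentioned in the first answer, applied to the V2 alerts endpoint recommended above, as an added example that is not part of either answer. The function name Get-MdeAlert and its -Since and -MaxPages parameters are hypothetical; the example requests the SecurityAlert.Read.All delegated scope, which is the one Microsoft documents for alerts_v2.

```powershell
# Added example, not code from the thread. Assumes the Microsoft.Graph.Authentication
# module is installed and the signed-in user holds a role that can read MDE alerts.
# Delegated sign-in with the built-in Graph PowerShell app (no app registration).
Connect-MgGraph -Scopes 'SecurityAlert.Read.All'

function Get-MdeAlert {
    param(
        # Only alerts created at or after this time (hypothetical parameter).
        [datetime]$Since = (Get-Date).ToUniversalTime().AddDays(-7),
        # Safety stop so a bad nextLink cannot loop forever (hypothetical parameter).
        [int]$MaxPages = 200
    )

    $stamp  = $Since.ToUniversalTime().ToString("yyyy-MM-dd'T'HH:mm:ss'Z'",
                  [cultureinfo]::InvariantCulture)
    $filter = "serviceSource eq 'microsoftDefenderForEndpoint' and createdDateTime ge $stamp"
    $uri    = 'https://graph.microsoft.com/v1.0/security/alerts_v2?$filter=' +
              [uri]::EscapeDataString($filter)

    $page = 0
    while ($uri -and $page -lt $MaxPages) {
        $response = Invoke-MgGraphRequest -Method GET -Uri $uri -OutputType PSObject
        $response.value                        # emit this page's alerts to the pipeline
        $uri = $response.'@odata.nextLink'     # $null on the last page ends the loop
        $page++
    }
    if ($uri) {
        Write-Warning "Stopped after $MaxPages pages; more alerts remain."
    }
}

$alerts = @(Get-MdeAlert -Since '2025-08-01T00:00:00Z')

# Sanity check: every returned alert should come from Defender for Endpoint only.
$alerts | Group-Object serviceSource | Select-Object Name, Count

$alerts | Select-Object id, title, severity, status, createdDateTime | Format-Table -AutoSize
```

If the Group-Object output shows any value other than microsoftDefenderForEndpoint, the filter was not applied by the service and the query string should be inspected.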