I'm considering using the Graph beta API for sign-in logs in a production environment and I'm curious if anyone has actual experience with it. How dependable is it? Have you encountered any missing data, throttling issues, or strange limits? Also, does the beta data align with what's presented in the portal or Log Analytics?
4 Answers
Why use beta at all? If there's something you need that isn’t available in the production API, consider writing a wrapper instead of depending on the beta version.
I've got a few scripts running in production that utilize the beta endpoint, and they seem stable enough. Just keep in mind that it’s beta—it's more of a shifting target than v1.0, which is much more solid.
If your issue is tied to Azure Entra ID sign-in logs, I highly recommend steering clear of the beta Graph API. We ran into quite a few issues this year, and ultimately switched to querying logs directly from Log Analytics with KQL—it turned out to be much faster and more reliable, but your results may vary based on your setup.
We use the beta logs too, and while it does work, I wouldn’t rely on it as your only source for detections. The beta API can change unexpectedly, plus you might face throttling during busy times. We’ve noticed sign-in events can lag behind Log Analytics by 15-20 minutes. It's alright for less urgent monitoring, but steer clear if you're dealing with anything security-sensitive.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures