Generic Search
The Generic Search page provides a basic wrapper around the Microsoft Search API. The Microsoft Search API is an endpoint on the Microsoft Graph API, which allows to query data from various Microsoft 365 applications through one endpoint.
With a single access token for the MS Graph API (https://graph.microsoft.com), the type of entities that can be queried depends on the scopes defined in the access token.
As described in the Microsoft documentation, the following table provides an overview of the different types of entities that can be searched for and which scope is required for that:
| EntityType | Permission scope required to access the items | Source | Comment |
|---|---|---|---|
| chatMessage | Chat.Read, Chat.ReadWrite, ChannelMessage.Read.All | Teams | Teams messages. |
| message | Mail.Read, Mail.ReadWrite | Exchange Online | Email messages. |
| event | Calendars.Read, Calendars.ReadWrite | Exchange Online | Calendar events. |
| drive | Files.Read.All, Files.ReadWrite.All, Sites.Read.All, Sites.ReadWrite.All | SharePoint | Document libraries. |
| driveItem | Files.Read.All, Files.ReadWrite.All, Sites.Read.All, Sites.ReadWrite.All | SharePoint and OneDrive | Files, folders, pages, and news. |
| list | Sites.Read.All, Sites.ReadWrite.All | SharePoint and OneDrive | Lists. Note that document libraries are also returned as lists. |
| listItem | Sites.Read.All, Sites.ReadWrite.All | SharePoint and OneDrive | List items. Note that files and folders are also returned as list items; listItem is the super class of driveItem. |
| site | Sites.Read.All, Sites.ReadWrite.All | SharePoint | Sites in SharePoint. |
| Bookmarks | Bookmark.Read.All | Microsoft Search | Microsoft Search bookmarks in your organization. |
| Acronyms | Acronym.Read.All | Microsoft Search | Microsoft Search acronyms in your organization. |
Any search query supported by the search API will work. The simplest type of query is to just enter a keyword you want to search for (e.g. password).
More advanced search queries can be constructed using built-in operators and KQL syntax. (e.g. (password OR login) AND (filetype:xlsx)).
The search API is limited to a maximum of 500 results.
GraphSpy will try its best to show an overview of the most relevant information in the columns, although, all entity types return different attributes, making it hard to implement a generic solution. Therefore, the dropdown icon can be used to view the full details of the entity.
The summary column displays the context returned by Microsoft on which it hit this search request. Any specific keywords that were searched for are highlighted in bold.
The action icon will change depending on the type of entity queried. For instance, a driveItem will show a download icon.
