Update microsoft-graph-security-api-source.md (#5616)

yleiferman · jpipkin1 · web-flow · commit 601e06d1c1b8 · 2025-07-23T21:27:14.000Z
* Update microsoft-graph-security-api-source.md

* Added a troubleshooting section encountered when dealing with a customer issue

* Updates from review

---------

Co-authored-by: John Pipkin &lt;jpipkin@sumologic.com&gt;
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-security-api-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-security-api-source.md
@@ -133,9 +133,16 @@ https://github.com/SumoLogic/sumologic-documentation/blob/main/static/files/c2c/
 ```sh reference
 https://github.com/SumoLogic/sumologic-documentation/blob/main/static/files/c2c/microsoft-graph-security-api/example.tf
 ```
+## Troubleshooting
+
+### 403 Error with "Account is not provisioned"
+
+
+The "**Unauthorized request - Account is not provisioned**" error occurs when Microsoft Defender For Cloud hasn't started collecting alerts. This issue is explained [here](https://stackoverflow.com/questions/79380921/microsoft-graph-api-security-alerts-v2-gives-error-unauthorized-request-acco). Make sure to go to your Microsoft Defender for Cloud account, click on **Incidents** and then **Alerts**. If it's the first time, you will see a screen loading the information. Once you see the list of alerts screen, restart your source and you should no longer see the error.
 
 ## FAQ
 
+
 :::info
 Click [here](/docs/c2c/info) for more information about Cloud-to-Cloud sources.
 :::
