Allows the app to read and update identity risky agents information for all agents in your organization on behalf of the signed-in user. Update operations include dismissing risky agents.
Merill's Note
For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the IdentityRiskyAgent.ReadWrite.All permission.
If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant
Category
Application
Delegated
Identifier
dca4e4fd-a7cf-4e6f-86d1-d1ec094d766e
d343bdeb-db6a-4e06-97da-9dafc2d61c60
DisplayText
Read and write risky agents information
Read and write risky agents information
Description
Allows the app to read and update risky agents information in your organization without a signed-in user.
Allows the app to read and update identity risky agents information for all agents in your organization on behalf of the signed-in user. Update operations include dismissing risky agents.
The object id of the riskyAgentIdentity, riskyAgentIdentityBlueprintPrincipal or riskyAgentUser. Inherited from entity.
Supports $filter (eq, startsWith).
isDeleted
Boolean
Indicates whether the agent is deleted.
isEnabled
Boolean
Indicates whether the agent is enabled.
isProcessing
Boolean
Indicates whether an agent's risky state is processing in the backend.
riskDetail
riskDetail
Details of the detected risk of the agent. The possible values are: none, adminConfirmedAgentSafe, adminConfirmedAgentCompromised, adminDismissedRiskForAgent.
Supports $filter (eq).
riskLastModifiedDateTime
DateTimeOffset
The date and time that the risky agent was last updated. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
Supports $filter (eq, le, and ge).
riskLevel
riskLevel
Level of the detected risky agent. The possible values are: low, medium, high, hidden, none, unknownFutureValue.
Supports $filter (eq).
riskState
riskState
State of the agent's risk. The possible values are: none, confirmedSafe, dismissed, atRisk, confirmedCompromised, unknownFutureValue.
The object id of the agent identity. Inherited from entity.
Supports $filter (eq, startsWith).
isDeleted
Boolean
Indicates whether the agent is deleted. Inherited from riskyAgent.
isEnabled
Boolean
Indicates whether the agent is enabled. Inherited from riskyAgent.
isProcessing
Boolean
Indicates whether an agent's risky state is processing in the backend. Inherited from riskyAgent.
riskDetail
riskDetail
Details of the detected risk of the agent. Inherited from riskyAgent. The possible values are: none, adminConfirmedAgentSafe, adminConfirmedAgentCompromised, adminDismissedRiskForAgent.
Supports $filter (eq).
riskLastModifiedDateTime
DateTimeOffset
The date and time that the risky agent was last updated. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Inherited from riskyAgent.
Supports $filter (eq, le, and ge).
riskLevel
riskLevel
Level of the detected risky agent. Inherited from riskyAgent. The possible values are: low, medium, high, hidden, none, unknownFutureValue.
Supports $filter (eq).
riskState
riskState
State of the agent's risk. Inherited from riskyAgent. The possible values are: none, confirmedSafe, remediated, dismissed, atRisk, confirmedCompromised, unknownFutureValue.
The object id of the agent identity blueprint principal. Inherited from entity.
Supports $filter (eq, startsWith).
isDeleted
Boolean
Indicates whether the agent is deleted. Inherited from riskyAgent.
isEnabled
Boolean
Indicates whether the agent is enabled. Inherited from riskyAgent.
isProcessing
Boolean
Indicates whether an agent's risky state is processing in the backend. Inherited from riskyAgent.
riskDetail
riskDetail
Details of the detected risk of the agent. Inherited from riskyAgent. The possible values are: none, adminConfirmedAgentSafe, adminConfirmedAgentCompromised, adminDismissedRiskForAgent.
Supports $filter (eq).
riskLastModifiedDateTime
DateTimeOffset
The date and time that the risky agent was last updated. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Inherited from riskyAgent.
Supports $filter (eq, le, and ge).
riskLevel
riskLevel
Level of the detected risky agent. Inherited from riskyAgent. The possible values are: low, medium, high, hidden, none, unknownFutureValue.
Supports $filter (eq).
riskState
riskState
State of the agent's risk. Inherited from riskyAgent. The possible values are: none, confirmedSafe, remediated, dismissed, atRisk, confirmedCompromised, unknownFutureValue.
The object id of the agent user. Inherited from entity.
Supports $filter (eq, startsWith).
isDeleted
Boolean
Indicates whether the agent is deleted. Inherited from riskyAgent.
isEnabled
Boolean
Indicates whether the agent is enabled. Inherited from riskyAgent.
isProcessing
Boolean
Indicates whether an agent's risky state is processing in the backend. Inherited from riskyAgent.
riskDetail
riskDetail
Details of the detected risk of the agent. Inherited from riskyAgent. The possible values are: none, adminConfirmedAgentSafe, adminConfirmedAgentCompromised, adminDismissedRiskForAgent.
Supports $filter (eq).
riskLastModifiedDateTime
DateTimeOffset
The date and time that the risky agent was last updated. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Inherited from riskyAgent.
Supports $filter (eq, le, and ge).
riskLevel
riskLevel
Level of the detected risky agent. Inherited from riskyAgent. The possible values are: low, medium, high, hidden, none, unknownFutureValue.
Supports $filter (eq).
riskState
riskState
State of the agent's risk. Inherited from riskyAgent. The possible values are: none, confirmedSafe, remediated, dismissed, atRisk, confirmedCompromised, unknownFutureValue.