Show / Hide Table of Contents

IdentityRiskyServicePrincipal.Read.All

Allows the app to read all identity risky service principal information for your organization, on behalf of the signed-in user.

Graph Methods

Type: A = Application Permission, D = Delegate Permission

Ver	Type	Method
V1	A,D	GET /identityProtection/riskyServicePrincipals
V1	A,D	GET /identityProtection/riskyServicePrincipals/{riskyServicePrincipalId}
V1	A,D	GET /identityProtection/riskyServicePrincipals/{riskyServicePrincipalId}/history

Delegate Permission


Id	ea5c4ab0-5a73-4f35-8272-5d5337884e5d
Consent Type	Admin
Display String	Read all identity risky service principal information
Description	Allows the app to read all identity risky service principal information for your organization, on behalf of the signed-in user.

Application Permission


Id	607c7344-0eed-41e5-823a-9695ebe1b7b0
Display String	Read all identity risky service principal information
Description	Allows the app to read all risky service principal information for your organization, without a signed-in user.

Resources

riskyServicePrincipal

Property	Type	Description
appId	String	The globally unique identifier for the associated application (its appId property), if any.
displayName	String	The display name for the service principal.
id	String	The unique identifier assigned to the service principal at risk. Inherited from entity.
isEnabled	Boolean	`true` if the service principal account is enabled; otherwise, `false`.
isProcessing	Boolean	Indicates whether Azure AD is currently processing the service principal's risky state.
riskDetail	riskDetail	Details of the detected risk. Note: Details for this property are only available for Workload Identities Premium customers. Events in tenants without this license will be returned `hidden`. The possible values are: `none`, `hidden`, `unknownFutureValue`, `adminConfirmedServicePrincipalCompromised`, `adminDismissedAllRiskForServicePrincipal`. Note that you must use the `Prefer: include-unknown-enum-members` request header to get the following value(s) in this evolvable enum: `adminConfirmedServicePrincipalCompromised` , `adminDismissedAllRiskForServicePrincipal`.
riskLastUpdatedDateTime	DateTimeOffset	The date and time that the risk state was last updated. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2021 is `2021-01-01T00:00:00Z`. Supports `$filter` (`eq`).
riskLevel	riskLevel	Level of the detected risky workload identity. The possible values are: `low`, `medium`, `high`, `hidden`, `none`, `unknownFutureValue`. Supports `$filter` (`eq`).
riskState	riskState	State of the service principal's risk. The possible values are: `none`, `confirmedSafe`, `remediated`, `dismissed`, `atRisk`, `confirmedCompromised`, `unknownFutureValue`.
servicePrincipalType	String	Identifies whether the service principal represents an `Application`, a `ManagedIdentity`, or a legacy application (`socialIdp`). This is set by Azure AD internally and is inherited from servicePrincipal.

riskyServicePrincipalHistoryItem

Property	Type	Description
activity	riskServicePrincipalActivity	The activity related to service principal risk level change.
initiatedBy	bool	The identifier of the actor of the operation.
servicePrincipalId	string	The identifier of the service principal.