Show / Hide Table of Contents

IdentityRiskyUser.Read.All

Allows the app to read identity risky user information for all users in your organization on behalf of the signed-in user.

Graph Methods

Type: A = Application Permission, D = Delegate Permission

Ver	Type	Method
V1	A,D	GET /identityProtection/riskyUsers
Beta	A,D	GET /identityProtection/riskyUsers/{id}
Beta	A,D	GET /identityProtection/riskyUsers/{id}/history/
V1	A,D	GET /identityProtection/riskyUsers/{riskyUserId}
V1	A,D	GET /identityProtection/riskyUsers/{riskyUserId}/history
V1	A,D	GET /identityProtection/riskyUsers/{riskyUserId}/history/{riskyUserHistoryItemId}/history
V1	A,D	GET /identityProtection/riskyUsers/{userId}/history
Beta	A,D	GET /identityProtection/riskyUsers/{userid}/history/{id}
Beta	A,D	GET /riskyUsers
Beta	A,D	GET /riskyUsers/{id}
Beta	A,D	GET /riskyUsers/{id}/history
Beta	A,D	GET /riskyUsers/{userid}/history/{id}

Delegate Permission


Id	d04bb851-cb7c-4146-97c7-ca3e71baf56c
Consent Type	Admin
Display String	Read identity risky user information
Description	Allows the app to read identity risky user information for all users in your organization on behalf of the signed-in user.

Application Permission


Id	dc5007c0-2d7d-4c42-879c-2dab87571379
Display String	Read all identity risky user information
Description	Allows the app to read the identity risky user information for your organization without a signed in user.

Resources

riskyUser

Property	Type	Description
id	String	Unique ID of the user at risk.
isDeleted	Boolean	Indicates whether the user is deleted. Possible values are: `true`, `false`.
isProcessing	Boolean	Indicates whether a user's risky state is being processed by the backend.
riskDetail	riskDetail	Details of the detected risk. Possible values are: `none`, `adminGeneratedTemporaryPassword`, `userPerformedSecuredPasswordChange`, `userPerformedSecuredPasswordReset`, `adminConfirmedSigninSafe`, `aiConfirmedSigninSafe`, `userPassedMFADrivenByRiskBasedPolicy`, `adminDismissedAllRiskForUser`, `adminConfirmedSigninCompromised`, `hidden`, `adminConfirmedUserCompromised`, `unknownFutureValue`.
riskLastUpdatedDateTime	DateTimeOffset	The date and time that the risky user was last updated. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.
riskLevel	riskLevel	Level of the detected risky user. Possible values are: `low`, `medium`, `high`, `hidden`, `none`, `unknownFutureValue`.
riskState	riskState	State of the user's risk. Possible values are: `none`, `confirmedSafe`, `remediated`, `dismissed`, `atRisk`, `confirmedCompromised`, `unknownFutureValue`.
userDisplayName	String	Risky user display name.
userPrincipalName	String	Risky user principal name.

riskyUserHistoryItem

Property	Type	Description
activity	riskUserActivity	The activity related to user risk level change.
id	String	Inherited from entity
initiatedBy	String	The id of actor that does the operation.
isDeleted	Boolean	Inherited from riskyUser
isProcessing	Boolean	Inherited from riskyUser
riskDetail	riskDetail	Inherited from riskyUser. Possible values are: `none`, `adminGeneratedTemporaryPassword`, `userPerformedSecuredPasswordChange`, `userPerformedSecuredPasswordReset`, `adminConfirmedSigninSafe`, `aiConfirmedSigninSafe`, `userPassedMFADrivenByRiskBasedPolicy`, `adminDismissedAllRiskForUser`, `adminConfirmedSigninCompromised`, `hidden`, `adminConfirmedUserCompromised`, `unknownFutureValue`.
riskLastUpdatedDateTime	DateTimeOffset	Inherited from riskyUser
riskLevel	riskLevel	Inherited from riskyUser. Possible values are: `low`, `medium`, `high`, `hidden`, `none`, `unknownFutureValue`.
riskState	riskState	Inherited from riskyUser. Possible values are: `none`, `confirmedSafe`, `remediated`, `dismissed`, `atRisk`, `confirmedCompromised`, `unknownFutureValue`.
userDisplayName	String	Inherited from riskyUser
userId	String	The id of the user.
userPrincipalName	String	Risky user principal name. Inherited from riskyUser