IdentityRiskyUser.Read.All
Allows the app to read identity risky user information for all users in your organization on behalf of the signed-in user.
Graph Methods
Type: A = Application Permission, D = Delegate Permission
| Ver |
Type |
Method |
| V1 |
A,D |
GET /identityProtection/riskyUsers |
| Beta |
A,D |
GET /identityProtection/riskyUsers/{id} |
| Beta |
A,D |
GET /identityProtection/riskyUsers/{id}/history/ |
| V1 |
A,D |
GET /identityProtection/riskyUsers/{riskyUserId} |
| V1 |
A,D |
GET /identityProtection/riskyUsers/{riskyUserId}/history |
| V1 |
A,D |
GET /identityProtection/riskyUsers/{riskyUserId}/history/{riskyUserHistoryItemId}/history |
| V1 |
A,D |
GET /identityProtection/riskyUsers/{userId}/history |
| Beta |
A,D |
GET /identityProtection/riskyUsers/{userid}/history/{id} |
| Beta |
A,D |
GET /riskyUsers |
| Beta |
A,D |
GET /riskyUsers/{id} |
| Beta |
A,D |
GET /riskyUsers/{id}/history |
| Beta |
A,D |
GET /riskyUsers/{userid}/history/{id} |
| Beta |
D |
GET /tenantRelationships/managedTenants/riskyUsers |
| Beta |
D |
GET /tenantRelationships/managedTenants/riskyUsers/{riskyUserId} |
Delegate Permission
|
|
| Id |
d04bb851-cb7c-4146-97c7-ca3e71baf56c |
| Consent Type |
Admin |
| Display String |
Read identity risky user information |
| Description |
Allows the app to read identity risky user information for all users in your organization on behalf of the signed-in user. |
Application Permission
|
|
| Id |
dc5007c0-2d7d-4c42-879c-2dab87571379 |
| Display String |
Read all identity risky user information |
| Description |
Allows the app to read the identity risky user information for your organization without a signed in user. |
Resources
| Property |
Type |
Description |
| id |
String |
The unique identifier for this entity. Required. Read-only. |
| isDeleted |
Boolean |
A flag indicating whether the account has been deleted. Optional. Read-only. |
| lastRefreshedDateTime |
DateTimeOffset |
Date and time the entity was last updated in the multi-tenant management platform. Optional. Read-only. |
| riskDetail |
String |
The risk details for the account flagged for risk. Optional. Read-only. |
| riskLastUpdatedDateTime |
DateTimeOffset |
The date and time when the risk information was last updated. Optional. Read-only. |
| riskLevel |
String |
The level of risk that was detected. Possible values are: low, medium, high, hidden, none, unknownFutureValue. Optional. Read-only. |
| riskState |
String |
The state of risk that was detected. Possible values are: none, confirmedSafe, remediated, dismissed, atRisk, confirmedCompromised, unknownFutureValue. Optional. Read-only. |
| tenantDisplayName |
String |
The display name for the managed tenant. Optional. Read-only. |
| tenantId |
String |
The Azure Active Directory tenant identifier for the managed tenant. Required. Read-only. |
| userDisplayName |
String |
The display name for the account where risk was detected. Optional. Read-only. |
| userId |
String |
The identifier for the user account where risk was detected. Required. Read-only. |
| userPrincipalName |
String |
The user principal name (UPN) for the account where risk was detected. Optional. Read-only. |
| Property |
Type |
Description |
| id |
String |
Unique ID of the user at risk. |
| isDeleted |
Boolean |
Indicates whether the user is deleted. Possible values are: true, false. |
| isProcessing |
Boolean |
Indicates whether a user's risky state is being processed by the backend. |
| riskDetail |
riskDetail |
Details of the detected risk. Possible values are: none, adminGeneratedTemporaryPassword, userPerformedSecuredPasswordChange, userPerformedSecuredPasswordReset, adminConfirmedSigninSafe, aiConfirmedSigninSafe, userPassedMFADrivenByRiskBasedPolicy, adminDismissedAllRiskForUser, adminConfirmedSigninCompromised, hidden, adminConfirmedUserCompromised, unknownFutureValue. |
| riskLastUpdatedDateTime |
DateTimeOffset |
The date and time that the risky user was last updated. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. |
| riskLevel |
riskLevel |
Level of the detected risky user. Possible values are: low, medium, high, hidden, none, unknownFutureValue. |
| riskState |
riskState |
State of the user's risk. Possible values are: none, confirmedSafe, remediated, dismissed, atRisk, confirmedCompromised, unknownFutureValue. |
| userDisplayName |
String |
Risky user display name. |
| userPrincipalName |
String |
Risky user principal name. |
| Property |
Type |
Description |
| activity |
riskUserActivity |
The activity related to user risk level change. |
| id |
String |
Inherited from entity |
| initiatedBy |
String |
The id of actor that does the operation. |
| isDeleted |
Boolean |
Inherited from riskyUser |
| isProcessing |
Boolean |
Inherited from riskyUser |
| riskDetail |
riskDetail |
Inherited from riskyUser. Possible values are: none, adminGeneratedTemporaryPassword, userPerformedSecuredPasswordChange, userPerformedSecuredPasswordReset, adminConfirmedSigninSafe, aiConfirmedSigninSafe, userPassedMFADrivenByRiskBasedPolicy, adminDismissedAllRiskForUser, adminConfirmedSigninCompromised, hidden, adminConfirmedUserCompromised, unknownFutureValue. |
| riskLastUpdatedDateTime |
DateTimeOffset |
Inherited from riskyUser |
| riskLevel |
riskLevel |
Inherited from riskyUser. Possible values are: low, medium, high, hidden, none, unknownFutureValue. |
| riskState |
riskState |
Inherited from riskyUser. Possible values are: none, confirmedSafe, remediated, dismissed, atRisk, confirmedCompromised, unknownFutureValue. |
| userDisplayName |
String |
Inherited from riskyUser |
| userId |
String |
The id of the user. |
| userPrincipalName |
String |
Risky user principal name. Inherited from riskyUser |