Identity Protection is a tool that allows organizations to discover, investigate, and remediate identity-based risks in their environment.
Status: Preview | Tier: Premium | Version: 1.0.0

| Name | Summary |
|---|---|
| Get risky user | |
| ConfirmRiskUser ([Optional]ConfirmRiskUserParameterBody body) | Confirm a risky user as compromised |
| Get risk detections | |
| DismissRiskUser ([Optional]DismissRiskUserParameterBody body) | Dismiss a risky user |
| Get the risk history of a risky user | |

Summary: Get risky user
Description: Get a specific risky user and its properties
Syntax:
AzureADIdentityProtection.GetRiskUser (string Id)
Parameters:

| Name | Type | Summary | Required | Related Action |
|---|---|---|---|---|
| Id | string (Get Risk User) | User Id or user Principal name | True | |

Returns:
Type: Get_Risk_User_Result
Description: Get risk user result

Summary: Confirm a risky user as compromised
Description: Confirm a risky user as compromised
Syntax:
AzureADIdentityProtection.ConfirmRiskUser ([Optional]ConfirmRiskUserParameterBody body)
Parameters:

| Name | Type | Summary | Required | Related Action |
|---|---|---|---|---|
| body | | | False | |

Returns:

Summary: Get risk detections
Description: Get riskDetections
Syntax:
AzureADIdentityProtection.riskDetections (string Id)
Parameters:

| Name | Type | Summary | Required | Related Action |
|---|---|---|---|---|
| Id | string (Get risk detections) | User Id or user Principal Name | True | |

Returns:
Type: Get_riskDetection
Description: This API provides programmatic access to all risk detections in your Azure AD environment

Summary: Dismiss a risky user
Description: Dismiss a risky user
Syntax:
AzureADIdentityProtection.DismissRiskUser ([Optional]DismissRiskUserParameterBody body)
Parameters:

| Name | Type | Summary | Required | Related Action |
|---|---|---|---|---|
| body | | | False | |

Returns:

Summary: Get the risk history of a risky user
Description: Get the risk history
Syntax:
AzureADIdentityProtection.GetRiskUserHistory (string Id)
Parameters:

| Name | Type | Summary | Required | Related Action |
|---|---|---|---|---|
| Id | string (Get history risk for user) | User Id or user Principal Name | True | |

Returns:
Type: Get_risk_history
Description: Represents the risk history of an Azure AD user as determined by Azure AD Identity Protection

Summary:
Description:
Properties:

| Name | Type | Summary |
|---|---|---|
| userIds | array of (string) | |

Summary:
Description:
Properties:

| Name | Type | Summary |
|---|---|---|
| userIds | array of (string) | |

Summary:
Description: This API provides programmatic access to all risk detections in your Azure AD environment
Properties:

| Name | Type | Summary |
|---|---|---|
| @@odata.type | string | |
| id | string | Unique ID of the risk detection. Inherited from entity |
| requestId | string | Request ID of the sign-in associated with the risk detection. This property is null if the risk detection is not associated with a sign-in |
| correlationId | string | Correlation ID of the sign-in associated with the risk detection. This property is null if the risk detection is not associated with a sign-in |
| riskEventType | string | The type of risk event detected |
| riskState | string | The state of a detected risky user or sign-in |
| riskLevel | string | Level of the detected risk |
| riskDetail | string | Details of the detected risk |
| source | string | Source of the risk detection |
| detectionTimingType | string | Date and time that the risk was detected |
| activity | string | Indicates the activity type the detected risk is linked to |
| tokenIssuerType | string | Indicates the type of token issuer for the detected sign-in risk |
| ipAddress | string | Provides the IP address of the client from where the risk occurred. |
| location | | Location of the sign-in |
| activityDateTime | string | Date and time that the risky activity occurred |
| detectedDateTime | string | Date and time that the risk was detected |
| lastUpdatedDateTime | string | Date and time that the risk detection was last updated |
| userId | string | Unique ID of the user |
| userDisplayName | string | The user principal name (UPN) of the user |
| userPrincipalName | string | The user principal name (UPN) of the user. |
| additionalInfo | string | Additional information associated with the risk detection in JSON format. |

Summary:
Description: Location of the sign-in
Properties:

| Name | Type | Summary |
|---|---|---|
| @@odata.type | string | |

Summary:
Description: Represents the risk history of an Azure AD user as determined by Azure AD Identity Protection
Properties:

| Name | Type | Summary |
|---|---|---|
| @@odata.type | string | |
| id | string | Inherited from entity |
| isDeleted | string | Inherited from riskyUser |
| isProcessing | string | Inherited from riskyUser |
| riskLastUpdatedDateTime | string | Inherited from riskyUser |
| riskLevel | string | Inherited from riskyUser |
| riskState | string | Inherited from riskyUser |
| riskDetail | string | Inherited from riskyUser |
| userDisplayName | string | Inherited from riskyUser |
| userPrincipalName | string | Risky user principal name |
| userId | string | The ID of the user |
| initiatedBy | string | The ID of the actor that does the operation |
| activity | | The activity related to user risk level change |

Summary:
Description: The activity related to user risk level change
Properties:

| Name | Type | Summary |
|---|---|---|
| @@odata.type | string | |

Summary:
Description: Get risk user result
Properties:

| Name | Type | Summary |
|---|---|---|
| @@odata.context | string | |
| id | string | Unique ID of the user at risk |
| isDeleted | boolean | Indicates whether the user is deleted. Possible values are: true, false |
| isProcessing | boolean | Indicates whether a user's risky state is being processed by the backend |
| riskLevel | string | Level of the detected risky user |
| riskState | string | The date and time that the risky user was last updated |
| riskDetail | string | Details of the detected risk |
| riskLastUpdatedDateTime | string | The date and time that the risky user was last updated. |
| userDisplayName | string | Risky user display name |
| userPrincipalName | string | Risky user principal name |