
Identity Protection is a tool that allows organizations to discover, investigate, and remediate identity-based risks in their environment.

| Status | Tier | Version |
|---|---|---|
| Preview | Premium | 1.0.0 |

| Name | Summary |
|---|---|
| GetRiskUser (string Id) | Get risky user |
| ConfirmRiskUser ([Optional]ConfirmRiskUserParameterBody body) | Confirm a risky user as compromised |
| riskDetections (string Id) | Get risk detections |
| DismissRiskUser ([Optional]DismissRiskUserParameterBody body) | Dismiss a risky user |
| GetRiskUserHistory (string Id) | Get the risk history of a risky user |

Summary: Get risky user
Description: Get a specific risky user and its properties
Syntax:
AzureADIdentityProtection.GetRiskUser (string Id)
Parameters:

| Name | Type | Summary | Required | Related Action |
|---|---|---|---|---|
| Id | string (Get Risk User) | User Id or user Principal name | True | |

Returns:
Type: Get_Risk_User_Result
Description: Get risk user result

Summary: Confirm a risky user as compromised
Description: Confirm a risky user as compromised
Syntax:
AzureADIdentityProtection.ConfirmRiskUser ([Optional]ConfirmRiskUserParameterBody body)
Parameters:

| Name | Type | Summary | Required | Related Action |
|---|---|---|---|---|
| body | | | False | |

Returns:

Summary: Get risk detections
Description: Get riskDetections
Syntax:
AzureADIdentityProtection.riskDetections (string Id)
Parameters:

| Name | Type | Summary | Required | Related Action |
|---|---|---|---|---|
| Id | string (Get risk detections) | User Id or user Principal Name | True | |

Returns:
Type: Get_riskDetection
Description: This API provides programmatic access to all risk detections in your Azure AD environment

Summary: Dismiss a risky user
Description: Dismiss a risky user
Syntax:
AzureADIdentityProtection.DismissRiskUser ([Optional]DismissRiskUserParameterBody body)
Parameters:

| Name | Type | Summary | Required | Related Action |
|---|---|---|---|---|
| body | | | False | |

Returns:

Summary: Get the risk history of a risky user
Description: Get the risk history
Syntax:
AzureADIdentityProtection.GetRiskUserHistory (string Id)
Parameters:

| Name | Type | Summary | Required | Related Action |
|---|---|---|---|---|
| Id | string (Get history risk for user) | User Id or user Principal Name | True | |

Returns:
Type: Get_risk_history
Description: Represents the risk history of an Azure AD user as determined by Azure AD Identity Protection

Summary:
Description:
Properties:

| Name | Type | Summary |
|---|---|---|
| userIds | array of (string) | |

Summary:
Description:
Properties:

| Name | Type | Summary |
|---|---|---|
| userIds | array of (string) | |

Summary:
Description: This API provides programmatic access to all risk detections in your Azure AD environment
Properties:

| Name | Type | Summary |
|---|---|---|
| @@odata.type | string | |
| id | string | Unique ID of the risk detection. Inherited from entity |
| requestId | string | Request ID of the sign-in associated with the risk detection. This property is null if the risk detection is not associated with a sign-in |
| correlationId | string | Correlation ID of the sign-in associated with the risk detection. This property is null if the risk detection is not associated with a sign-in |
| riskEventType | string | The type of risk event detected |
| riskState | string | The state of a detected risky user or sign-in |
| riskLevel | string | Level of the detected risk |
| riskDetail | string | Details of the detected risk |
| source | string | Source of the risk detection |
| detectionTimingType | string | Date and time that the risk was detected |
| activity | string | Indicates the activity type the detected risk is linked to |
| tokenIssuerType | string | Indicates the type of token issuer for the detected sign-in risk |
| ipAddress | string | Provides the IP address of the client from where the risk occurred. |
| location | | Location of the sign-in |
| activityDateTime | string | Date and time that the risky activity occurred |
| detectedDateTime | string | Date and time that the risk was detected |
| lastUpdatedDateTime | string | Date and time that the risk detection was last updated |
| userId | string | Unique ID of the user |
| userDisplayName | string | The user principal name (UPN) of the user |
| userPrincipalName | string | The user principal name (UPN) of the user. |
| additionalInfo | string | Additional information associated with the risk detection in JSON format. |

Summary:
Description: Location of the sign-in
Properties:

| Name | Type | Summary |
|---|---|---|
| @@odata.type | string | |

Summary:
Description: Represents the risk history of an Azure AD user as determined by Azure AD Identity Protection
Properties:

| Name | Type | Summary |
|---|---|---|
| @@odata.type | string | |
| id | string | Inherited from entity |
| isDeleted | string | Inherited from riskyUser |
| isProcessing | string | Inherited from riskyUser |
| riskLastUpdatedDateTime | string | Inherited from riskyUser |
| riskLevel | string | Inherited from riskyUser |
| riskState | string | Inherited from riskyUser |
| riskDetail | string | Inherited from riskyUser |
| userDisplayName | string | Inherited from riskyUser |
| userPrincipalName | string | Risky user principal name |
| userId | string | The id of the user |
| initiatedBy | string | The id of the actor that does the operation |
| activity | | The activity related to user risk level change |

Summary:
Description: The activity related to user risk level change
Properties:

| Name | Type | Summary |
|---|---|---|
| @@odata.type | string | |

Summary:
Description: Get risk user result
Properties:

| Name | Type | Summary |
|---|---|---|
| @@odata.context | string | |
| id | string | Unique ID of the user at risk |
| isDeleted | boolean | Indicates whether the user is deleted. Possible values are: true, false |
| isProcessing | boolean | Indicates whether a user's risky state is being processed by the backend |
| riskLevel | string | Level of the detected risky user |
| riskState | string | The date and time that the risky user was last updated |
| riskDetail | string | Details of the detected risk |
| riskLastUpdatedDateTime | string | The date and time that the risky user was last updated. |
| userDisplayName | string | Risky user display name |
| userPrincipalName | string | Risky user principal name |