Announcing the general availability of Microsoft Graph Identity Protection APIs

Microsoft identity platform team

June 26th, 2020 0

Today we’re announcing general availability of our two Azure AD Identity Protection APIs in Microsoft Graph: riskyUsers and riskDetections. Previously you could only consume these APIs through the beta endpoint, but can now find the riskyUsers and riskDetections resource types on the v1.0 endpoint. These APIs enable you to query risk detections and risky users detected by Azure AD Identity Protection, and to take action on risky users.

A few ways that you can gain value from these APIs include:

  • GET /identityProtection/riskDetections — Returns information about specific risk detections and why they are risky, including the risk level, risk event type, and associated user
  • GET /identityProtection/riskyUsers —  Returns information about specific users and their risk status. This can be useful to understand which users fit different risk profiles such as all the users with a specific risk level or whose risk state changed during a specific period of time.
  • GET /identityProtection/riskyUsers/{riskyUserId}/history — Returns details about the risk history of a specific user, and the underlying reasons for changes to their risk status or level
  • POST /identityProtection/riskyUsers/confirmCompromised — Changes the user’s risk level to high risk and reflects their compromise state in the risk detail. This can be helpful if you have investigated a risky user and want to update Identity Protection with their compromise status
  • POST /identityProtection/riskyUsers/dismiss — Changes the user’s risk level to none and closes all the underlying risk detections that led to the elevation of risk. This can be helpful if you have remediated a user outside of Identity Protection and want their risk level to be cleared.

Now that these endpoints are available in v1.0, we invite you to use them in your production scenarios.

What’s next?

With the general availability of our APIs in commercial and US government tenants, we will continue our journey to provide best in class protection for your Azure AD identities with future new risk detection types and additional enhancements. To learn more about Identity Protection, check out our documentation and share your feedback with us through UserVoice.

-Sarah Handler on behalf of the Identity Protection team.

Microsoft identity platform team

Read next

Office 365 CLI v2.11
We've just published a new version of the Office 365 CLI with commands for managing Office 365 tenants and SharePoint Framework projects on any platform.
Microsoft 365 PnP Team
June 28, 2020

Feedback usabilla icon