Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,238 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 38%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMP%3C/text%3E%3C/svg%3E)
That's correct. Entra ID Premium P2 is required to query risky users and utilize advanced security features, including Identity Protection, which identifies and reports risky users. This premium tier provides the capabilities necessary to detect and respond to identity-based threats within your organization.
With Entra ID Premium P2, you can access advanced features like:
- Risky Users Detection: Identifying and flagging users with suspicious activities or compromised credentials.
- Kusto Query Language (KQL): Running custom queries against the identity protection logs to retrieve detailed information about risky users.
- Automated Responses: Setting up alerts and automated workflows, such as sending email alerts to the relevant team when risky user activity is detected.
Details at https://www.microsoft.com/en-us/security/business/microsoft-entra-pricing
If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.
hth
Marcin
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)