Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Namespace: microsoft.graph
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
Represents the agentic risk detections as evaluated by Microsoft Entra ID Protection based on various signals and machine learning.
Inherits from entity.
Methods
| Method | Return type | Description |
|---|---|---|
| List | agentRiskDetection collection | Get a list of the agentRiskDetection objects and their properties. |
| Get | agentRiskDetection | Read the properties and relationships of agentRiskDetection object. |
Properties
| Property | Type | Description |
|---|---|---|
| activityDateTime | DateTimeOffset | Date and time that the risky activity occurred. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Supports $filter (eq, le, and ge). |
| additionalInfo | String | Additional information associated with the risk detection. |
| agentDisplayName | String | Name of the agent. Supports $filter (eq, startsWith). |
| agentId | String | The unique identifier for the agent. This is equivalent to 'id' to the specific agent type. See riskyAgentIdentity, riskyAgentIdentityBlueprintPrincipal, and riskyAgentUser. Supports $filter (eq, startsWith). |
| detectedDateTime | DateTimeOffset | Date and time that the risk was detected. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Supports $filter (eq, le, and ge). |
| detectionTimingType | riskDetectionTimingType | Timing of the detected risk (real-time/offline). The possible values are: notDefined, realtime, nearRealtime, offline, unknownFutureValue. |
| id | String | Unique ID of the risk detection. Inherited from entity. |
| lastModifiedDateTime | DateTimeOffset | Date and time that the risk detection was last updated. Supports $filter (eq, le, and ge). |
| riskDetail | riskDetail | Details of the detected risk. Supports $filter (eq). |
| riskEventType | String | The type of risk event detected. Supports $filter (eq). |
| riskEvidence | String | Evidence on the risky activity occurred. Supports $filter (eq). |
| riskLevel | riskLevel | Level of the detected risk. The possible values are: low, medium, high, hidden, none, unknownFutureValue. Supports $filter (eq). |
| riskState | riskState | The state of a detected agentic risk. The possible values are: none, confirmedSafe, dismissed, atRisk, confirmedCompromised, unknownFutureValue. Supports $filter (eq). |
Relationships
None.
JSON representation
The following JSON representation shows the resource type.
{
"@odata.type": "#microsoft.graph.agentRiskDetection",
"id": "String (identifier)",
"agentId": "String",
"agentDisplayName": "String",
"activityDateTime": "String (timestamp)",
"detectedDateTime": "String (timestamp)",
"detectionTimingType": "String",
"lastModifiedDateTime": "String (timestamp)",
"riskDetail": "String",
"riskLevel": "String",
"riskState": "String",
"riskEventType": "String",
"riskEvidence": "String",
"additionalInfo": "String"
}