Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Namespace: microsoft.graph
Represents the reason behind a specific state of a risky user, sign-in, or service principal. This enumeration is used by multiple resources.
The following table lists the members of an [evolvable enumeration](/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations). Use the Prefer: include-unknown-enum-members request header to get the following values in this evolvable enum: m365DAdminDismissedDetection, adminConfirmedServicePrincipalCompromised, adminDismissedAllRiskForServicePrincipal, userChangedPasswordOnPremises, adminDismissedRiskForSignIn, adminConfirmedAccountSafe.
Members
| Member | Description |
|---|---|
| none | No details are available for the risk state. Applies to: |
| adminGeneratedTemporaryPassword | An admin generated a temporary password for the user. Applies to: |
| userPerformedSecuredPasswordChange | The user performed a secure password change. Applies to: |
| userPerformedSecuredPasswordReset | The user performed a secure password reset. Applies to: |
| adminConfirmedSigninSafe | An admin confirmed the sign-in as safe. Applies to: |
| aiConfirmedSigninSafe | AI confirmed the sign-in as safe. Applies to: |
| userPassedMFADrivenByRiskBasedPolicy | The user passed multifactor authentication (MFA) driven by a risk-based policy. Applies to: |
| adminDismissedAllRiskForUser | An admin dismissed all risk for the user. Applies to: |
| adminConfirmedSigninCompromised | An admin confirmed the sign-in as compromised. Applies to: |
| hidden | The risk state is hidden. Applies to: |
| adminConfirmedUserCompromised | An admin confirmed the user as compromised. Applies to: |
| unknownFutureValue | Evolvable enumeration sentinel value. Don't use. Applies to: |
| m365DAdminDismissedDetection | A Microsoft Defender XDR admin dismissed the detection. Applies to: |
| adminConfirmedServicePrincipalCompromised | An admin confirmed the service principal as compromised. Applies to: |
| adminDismissedAllRiskForServicePrincipal | An admin dismissed all risk for the service principal. Applies to: |
| userChangedPasswordOnPremises | The user changed their password on-premises. Applies to: |
| adminDismissedRiskForSignIn | An admin dismissed the risk for the sign-in. Applies to: |
| adminConfirmedAccountSafe | An admin confirmed the account as safe. Applies to: |
JSON representation
The following JSON representation shows the resource type.
{
"@odata.type": "#microsoft.graph.riskDetail"
}