Azure fraud notification - Update fraud event status

Applies to: Partner Center API

After you investigated the fraud activities for each reported Azure resource and determined the behavior as fraudulent or legitimated, you can use this API to update the fraud event status with the appropriate reason.


This API will only update the event status, it will not resolve the fraud activity on behalf of CSP partners.


REST request

Request syntax

Method Request URI
POST {baseURL}/v1/fraudEvents/subscription/{subscriptionId}/status

Request headers

Request body


Request example

POST{subscriptionId}/status} HTTP/1.1
Authorization: Bearer <token>
Content-Type: application/json

    "EventIds": ["2a7064fb-1e33-4007-974e-352cb3f2c805_2edeb5b1-766f-4209-9271-3ddf27755afa"],
    "EventStatus" : "Resolved",​
    "ResolvedReason": "Fraud"

URI parameter

Use the following optional query parameters when creating the request.

Name Type Required Description
SubscriptionId string Yes The Azure subscription ID, which has the Crypro-mining activities

Request body

Property Type Required Description
eventIds string[] No Keep eventIds as empty if you'd like to update the status for all fraud events under the given subscription ID
eventStatus string Yes Set it to Resolve to resolve the fraud event, or set it to Active to reactive a fraud event.
resolvedReason string Yes When fraud event is resolved, set an appropriate reason code, the accepted reason codes are Fraud or Ignore

REST response

If successful, this method returns a collection of Fraud events in the response body.

Response success and error codes

Each response comes with an HTTP status code that indicates success or failure and more debugging information. Use a network trace tool to read this code, error type, and more parameters. For the full list, see Error Codes.

Response example

HTTP/1.1 200 OK
Content-Length: 313
Content-Type: application/json
MS-CorrelationId: 4cb80cbe-566b-4d8b-8b8f-af1454b73089
MS-RequestId: 566330a7-1e4b-4848-9c23-f135c70fd810
Date: Thu, 21 May 2020 22:29:17 GMT
        "eventTime": "2021-12-08T00:25:45.69",
        "eventId": "2a7064fb-1e33-4007-974e-352cb3f2c805_2edeb5b1-766f-4209-9271-3ddf27755afa",
        "partnerTenantId": "348e932d-ef58-4347-8351-be51e4ec148c",
        "partnerFriendlyName": "test partner",
        "customerTenantId": "a248da34-6840-4c67-82d7-7f55ccd50d03",
        "customerFriendlyName": "test customer",
        "subscriptionId": "2a7064fb-1e33-4007-974e-352cb3f2c805",
        "subscriptionType": "modern",
        "entityId": "2edeb5b1-766f-4209-9271-3ddf27755afa",
        "entityName": "sampleentity",
        "entityUrl": "\\sample\\entity\\url",
        "hitCount": "10",
        "catalogOfferId": "ms-azr-17g",
        "eventStatus": "Resolved",
        "serviceName": "sampleservice",
        "resourceName": "sampleresource",
        "resourceGroupName": "sampleresourcegroup",
        "firstOccurrence": "2021-12-08T00:25:45.69",
        "lastOccurrence": "2021-12-08T00:25:45.69",
        "resolvedReason": "Fraud",
        "resolvedOn": "2021-12-08T11:25:45.69",
        "resolvedBy": ""