Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Namespace: microsoft.graph
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
Represents the Microsoft Entra agents that are at risk as evaluated by Microsoft Entra ID Protection based on various signals and machine learning. This API provides programmatic access to all at-risk agents in your Microsoft Entra tenant, the @odata.type indicates the exact type of this agent. The supported types are riskyAgentIdentity, riskyAgentIdentityBlueprintPrincipal, and riskyAgentUser.
Inherits from entity.
Methods
| Method | Return type | Description |
|---|---|---|
| List | riskyAgent collection | Get a list of the riskyAgent objects and their properties. |
| Get | riskyAgent | Read the properties and relationships of riskyAgent object. |
| Dismiss | None | Dismiss the risk of one or more riskyAgent objects. |
| Confirm compromised | None | Confirm one or more riskyAgent objects as compromised. |
| Confirm safe | None | Confirm one or more riskyAgent objects as safe. |
Properties
| Property | Type | Description |
|---|---|---|
| agentDisplayName | String | Name of the agent. Supports $filter (eq, startsWith). |
| id | String | The object id of the riskyAgentIdentity, riskyAgentIdentityBlueprintPrincipal or riskyAgentUser. Inherited from entity. Supports $filter (eq, startsWith). |
| isDeleted | Boolean | Indicates whether the agent is deleted. |
| isEnabled | Boolean | Indicates whether the agent is enabled. |
| isProcessing | Boolean | Indicates whether an agent's risky state is processing in the backend. |
| riskDetail | riskDetail | Details of the detected risk of the agent. Supports $filter (eq). |
| riskLastModifiedDateTime | DateTimeOffset | The date and time that the risky agent was last updated. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Supports $filter (eq, le, and ge). |
| riskLevel | riskLevel | Level of the detected risky agent. The possible values are: low, medium, high, hidden, none, unknownFutureValue. Supports $filter (eq). |
| riskState | riskState | State of the agent's risk. The possible values are: none, confirmedSafe, dismissed, atRisk, confirmedCompromised, unknownFutureValue. Supports $filter (eq). |
Relationships
None.
JSON representation
The following JSON representation shows the resource type.
{
"@odata.type": "#microsoft.graph.riskyAgent",
"id": "String (identifier)",
"agentDisplayName": "String",
"isDeleted": "Boolean",
"isEnabled": "Boolean",
"isProcessing": "Boolean",
"riskLastModifiedDateTime": "String (timestamp)",
"riskState": "String",
"riskLevel": "String",
"riskDetail": "String"
}