命名空间:microsoft.graph
重要
Microsoft Graph /beta 版本下的 API 可能会发生更改。 不支持在生产应用程序中使用这些 API。 若要确定 API 是否在 v1.0 中可用,请使用 版本 选择器。
检索 riskDetection 对象的集合的属性。
注意
必须具有Microsoft Entra ID P1 或 P2 许可证才能使用风险检测 API。
此 API 可用于以下国家级云部署。
| 全局服务 |
美国政府 L4 |
美国政府 L5 (DOD) |
由世纪互联运营的中国 |
| ✅ |
✅ |
✅ |
❌ |
权限
为此 API 选择标记为最低特权的权限。
只有在应用需要它时,才使用更高的特权权限。 有关委派权限和应用程序权限的详细信息,请参阅权限类型。 要了解有关这些权限的详细信息,请参阅 权限参考。
| 权限类型 |
最低特权权限 |
更高特权权限 |
| 委派(工作或学校帐户) |
IdentityRiskEvent.Read.All |
不可用。 |
| 委派(个人 Microsoft 帐户) |
不支持。 |
不支持。 |
| 应用程序 |
IdentityRiskEvent.Read.All |
不可用。 |
HTTP 请求
GET /riskDetections
GET /identityProtection/riskDetections
可选的查询参数
此方法支持 $filter 和 $selectOData 查询参数 来自定义查询响应。 默认页面大小为 20 个对象,最大为 $top 500。
| 名称 |
说明 |
| Authorization |
持有者 {token}。 必填。 详细了解 身份验证和授权。 |
| Content-Type |
application/json |
请求正文
请勿提供此方法的请求正文。
响应
如果成功,此方法在响应正文中返回响应 200 OK 代码和 riskDetection 对象集合。
示例
示例 1:列出风险检测
请求
以下示例显示了一个请求。
GET https://graph.microsoft.com/beta/riskDetections
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.RiskDetections.GetAsync();
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
//other-imports
)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
riskDetections, err := graphClient.RiskDetections().Get(context.Background(), nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
RiskDetectionCollectionResponse result = graphClient.riskDetections().get();
const options = {
authProvider,
};
const client = Client.init(options);
let riskDetections = await client.api('/riskDetections')
.version('beta')
.get();
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$result = $graphServiceClient->riskDetections()->get()->wait();
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
result = await graph_client.risk_detections.get()
响应
以下示例显示了相应的响应。
HTTP/1.1 200 OK
Content-type: application/json
{
"value":[
{
"id": "6a5874ca-abcd-9d82-5ad39bd71600",
"requestId": "6a5874ca-abcd-9d82-5ad39bd71600",
"correlationId": "abcd74ca-9823-4b1c-9d82-5ad39bd71600",
"riskEventType": "unfamiliarFeatures",
"riskState": "remediated",
"riskLevel": "medium",
"riskDetail": "userPerformedSecuredPasswordReset",
"source": "activeDirectory",
"detectionTimingType": "realtime",
"activity": "signin",
"tokenIssuerType": "Azure Active Directory",
"ipAddress": "123.456.7.89",
"location": {
"city": "Seattle",
"state": "Washington",
"countryOrRegion": "US",
"geoCoordinates": null
},
"activityDateTime": "2018-09-05T00:09:18.7822851Z",
"detectedDateTime": "2018-09-05T00:11:27.773602Z",
"lastUpdatedDateTime": "2018-09-05T00:11:27.773602Z",
"userId": "abcdefab-af90-4edf-ac4c-742ff06735d0",
"userDisplayName": "User ",
"userPrincipalName": "user@abcde.com",
"additionalInfo": "[{\"Key\":\"userAgent\",\"Value\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36\"}]"
}
]
}
示例 2:列出特定用户的风险检测
请求
以下示例显示了一个请求。
GET https://graph.microsoft.com/beta/identityProtection/riskDetections/c2b6c2b9-dddc-acd0-2b39-d519d803dbc3
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityProtection.RiskDetections["{riskDetection-id}"].GetAsync();
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
//other-imports
)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
riskDetections, err := graphClient.IdentityProtection().RiskDetections().ByRiskDetectionId("riskDetection-id").Get(context.Background(), nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
RiskDetection result = graphClient.identityProtection().riskDetections().byRiskDetectionId("{riskDetection-id}").get();
const options = {
authProvider,
};
const client = Client.init(options);
let riskDetection = await client.api('/identityProtection/riskDetections/c2b6c2b9-dddc-acd0-2b39-d519d803dbc3')
.version('beta')
.get();
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$result = $graphServiceClient->identityProtection()->riskDetections()->byRiskDetectionId('riskDetection-id')->get()->wait();
Import-Module Microsoft.Graph.Beta.Identity.SignIns
Get-MgBetaRiskDetection -RiskDetectionId $riskDetectionId
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
result = await graph_client.identity_protection.risk_detections.by_risk_detection_id('riskDetection-id').get()
响应
以下示例显示了相应的响应。
HTTP/1.1 200 OK
Content-type: application/json
{
"value":[
{
"id": "6a5874ca-abcd-9d82-5ad39bd71600",
"requestId": "6a5874ca-abcd-9d82-5ad39bd71600",
"correlationId": "abcd74ca-9823-4b1c-9d82-5ad39bd71600",
"riskEventType": "unfamiliarFeatures",
"riskState": "remediated",
"riskLevel": "medium",
"riskDetail": "userPerformedSecuredPasswordReset",
"source": "activeDirectory",
"detectionTimingType": "realtime",
"activity": "signin",
"tokenIssuerType": "Azure Active Directory",
"ipAddress": "123.456.7.89",
"location": {
"city": "Seattle",
"state": "Washington",
"countryOrRegion": "US",
"geoCoordinates": null
},
"activityDateTime": "2018-09-05T00:09:18.7822851Z",
"detectedDateTime": "2018-09-05T00:11:27.773602Z",
"lastUpdatedDateTime": "2018-09-05T00:11:27.773602Z",
"userId": "abcdefab-af90-4edf-ac4c-742ff06735d0",
"userDisplayName": "User ",
"userPrincipalName": "user@abcde.com",
"additionalInfo": "[{\"Key\":\"userAgent\",\"Value\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36\"}]"
}
]
}
示例 3:列出风险检测并筛选结果
请求
以下示例演示如何使用 $filter 获取风险检测的集合,其中风险级别为中等或风险事件类型为 unfamilarFeatures,这指示登录位于不熟悉或异常的位置。
GET https://graph.microsoft.com/beta/identityProtection/riskDetections?$filter=riskEventType eq 'unfamiliarFeatures' or riskLevel eq 'medium'
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityProtection.RiskDetections.GetAsync((requestConfiguration) =>
{
requestConfiguration.QueryParameters.Filter = "riskEventType eq 'unfamiliarFeatures' or riskLevel eq 'medium'";
});
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphidentityprotection "github.com/microsoftgraph/msgraph-beta-sdk-go/identityprotection"
//other-imports
)
requestFilter := "riskEventType eq 'unfamiliarFeatures' or riskLevel eq 'medium'"
requestParameters := &graphidentityprotection.IdentityProtectionRiskDetectionsRequestBuilderGetQueryParameters{
Filter: &requestFilter,
}
configuration := &graphidentityprotection.IdentityProtectionRiskDetectionsRequestBuilderGetRequestConfiguration{
QueryParameters: requestParameters,
}
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
riskDetections, err := graphClient.IdentityProtection().RiskDetections().Get(context.Background(), configuration)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
RiskDetectionCollectionResponse result = graphClient.identityProtection().riskDetections().get(requestConfiguration -> {
requestConfiguration.queryParameters.filter = "riskEventType eq 'unfamiliarFeatures' or riskLevel eq 'medium'";
});
const options = {
authProvider,
};
const client = Client.init(options);
let riskDetections = await client.api('/identityProtection/riskDetections')
.version('beta')
.filter('riskEventType eq \'unfamiliarFeatures\' or riskLevel eq \'medium\'')
.get();
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\IdentityProtection\RiskDetections\RiskDetectionsRequestBuilderGetRequestConfiguration;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestConfiguration = new RiskDetectionsRequestBuilderGetRequestConfiguration();
$queryParameters = RiskDetectionsRequestBuilderGetRequestConfiguration::createQueryParameters();
$queryParameters->filter = "riskEventType eq 'unfamiliarFeatures' or riskLevel eq 'medium'";
$requestConfiguration->queryParameters = $queryParameters;
$result = $graphServiceClient->identityProtection()->riskDetections()->get($requestConfiguration)->wait();
Import-Module Microsoft.Graph.Beta.Identity.SignIns
Get-MgBetaRiskDetection -Filter "riskEventType eq 'unfamiliarFeatures' or riskLevel eq 'medium'"
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.identity_protection.risk_detections.risk_detections_request_builder import RiskDetectionsRequestBuilder
from kiota_abstractions.base_request_configuration import RequestConfiguration
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
query_params = RiskDetectionsRequestBuilder.RiskDetectionsRequestBuilderGetQueryParameters(
filter = "riskEventType eq 'unfamiliarFeatures' or riskLevel eq 'medium'",
)
request_configuration = RequestConfiguration(
query_parameters = query_params,
)
result = await graph_client.identity_protection.risk_detections.get(request_configuration = request_configuration)
响应
以下示例显示了相应的响应。
HTTP/1.1 200 OK
Content-type: application/json
{
"value": [
{
"id": "1d68fc3d60d012ff80ad4b16818bf304df1bde295fdf1db31fa5389ba9532cd1",
"requestId": "3295073e-04b1-4871-9d15-c1f871b41100",
"correlationId": "f141d8e5-93e9-4fd0-9eb0-c40e5f8fc092",
"riskEventType": "unfamiliarFeatures",
"riskState": "atRisk",
"riskLevel": "medium",
"riskDetail": "none",
"source": "Identity Protection",
"detectionTimingType": "realtime",
"activity": "signin",
"tokenIssuerType": "Azure Active Directory",
"ipAddress": "123.456.7.89",
"location": {
"city": "Seattle",
"state": "Washington",
"countryOrRegion": "US",
"geoCoordinates": null
},
"activityDateTime": "2018-09-05T00:09:18.7822851Z",
"detectedDateTime": "2018-09-05T00:11:27.773602Z",
"lastUpdatedDateTime": "2018-09-05T00:11:27.773602Z",
"userId": "abcdefab-af90-4edf-ac4c-742ff06735d0",
"userDisplayName": "User ",
"userPrincipalName": "user@abcde.com",
"additionalInfo": "[{\"Key\":\"userAgent\",\"Value\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36\"}]"
}
]
}