{"id":4901,"date":"2020-06-26T09:00:01","date_gmt":"2020-06-26T16:00:01","guid":{"rendered":"https:\/\/officedevblogs.wpengine.com\/?p=4901"},"modified":"2020-06-26T09:00:01","modified_gmt":"2020-06-26T16:00:01","slug":"announcing-the-general-availability-of-microsoft-graph-identity-protection-apis","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/announcing-the-general-availability-of-microsoft-graph-identity-protection-apis\/","title":{"rendered":"Announcing the general availability of Microsoft Graph Identity Protection APIs"},"content":{"rendered":"<p>Today we\u2019re announcing general availability of our two Azure AD Identity Protection APIs in Microsoft Graph: <a href=\"https:\/\/docs.microsoft.com\/en-us\/graph\/api\/resources\/riskyuser?view=graph-rest-1.0\">riskyUsers<\/a> and <a href=\"https:\/\/docs.microsoft.com\/en-us\/graph\/api\/resources\/riskdetection?view=graph-rest-1.0\">riskDetections<\/a>. Previously you could only consume these APIs through the beta endpoint, but can now find the riskyUsers and riskDetections resource types on the v1.0 endpoint. These APIs enable you to query risk detections and risky users detected by Azure AD Identity Protection, and to take action on risky users.<\/p>\n<p>A few ways that you can gain value from these APIs include:<\/p>\n<ul>\n<li><a href=\"https:\/\/docs.microsoft.com\/graph\/api\/riskdetection-get?view=graph-rest-1.0&amp;tabs=http\">GET \/identityProtection\/riskDetections<\/a> \u2014\u00a0Returns information about specific risk detections and why they are risky, including the risk level, risk event type, and associated user<\/li>\n<li><a href=\"https:\/\/docs.microsoft.com\/graph\/api\/riskyuser-get?view=graph-rest-1.0&amp;tabs=http\">GET \/identityProtection\/riskyUsers<\/a> \u2014\u00a0 Returns information about specific users and their risk status. This can be useful to understand which users fit different risk profiles such as all the users with a specific risk level or whose risk state changed during a specific period of time.<\/li>\n<li><a href=\"https:\/\/docs.microsoft.com\/graph\/api\/riskyuser-get-riskyuserhistoryitem?view=graph-rest-1.0&amp;tabs=http\">GET \/identityProtection\/riskyUsers\/{riskyUserId}\/history<\/a> \u2014\u00a0Returns details about the risk history of a specific user, and the underlying reasons for changes to their risk status or level<\/li>\n<li><a href=\"https:\/\/docs.microsoft.com\/graph\/api\/riskyuser-confirmcompromised?view=graph-rest-1.0&amp;tabs=http\">POST \/identityProtection\/riskyUsers\/confirmCompromised \u2014\u00a0<\/a>Changes the user\u2019s risk level to high risk and reflects their compromise state in the risk detail. This can be helpful if you have investigated a risky user and want to update Identity Protection with their compromise status<\/li>\n<li><a href=\"https:\/\/docs.microsoft.com\/graph\/api\/riskyuser-dismiss?view=graph-rest-1.0&amp;tabs=http\">POST \/identityProtection\/riskyUsers\/dismiss<\/a> \u2014\u00a0Changes the user\u2019s risk level to none and closes all the underlying risk detections that led to the elevation of risk. This can be helpful if you have remediated a user outside of Identity Protection and want their risk level to be cleared.<\/li>\n<\/ul>\n<p>Now that these endpoints are available in v1.0, we invite you to use them in your production scenarios.<\/p>\n<h2>What\u2019s next?<\/h2>\n<p>With the general availability of our APIs in commercial and US government tenants, we will continue our journey to provide best in class protection for your Azure AD identities with future new risk detection types and additional enhancements. To learn more about Identity Protection, check out our <a href=\"https:\/\/aka.ms\/IdentityProtectionDocs\">documentation<\/a> and share your feedback with us through\u00a0<a href=\"https:\/\/feedback.azure.com\/forums\/169401-azure-active-directory\/\">UserVoice<\/a>.<\/p>\n<p>-Sarah Handler on behalf of the Identity Protection team.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Today we\u2019re announcing general availability of our two Azure AD Identity Protection APIs in Microsoft Graph: riskyUsers and riskDetections. Previously you could only consume these APIs through the beta endpoint, but can now find the riskyUsers and riskDetections resource types on the v1.0 endpoint. These APIs enable you to query risk detections and risky users detected by Azure AD Identity Protection, and to take action on risky users.<\/p>\n","protected":false},"author":69081,"featured_media":25159,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[3,5],"tags":[22],"class_list":["post-4901","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-microsoft-graph","category-microsoft-identity-platform","tag-azure-ad"],"acf":[],"blog_post_summary":"<p>Today we\u2019re announcing general availability of our two Azure AD Identity Protection APIs in Microsoft Graph: riskyUsers and riskDetections. Previously you could only consume these APIs through the beta endpoint, but can now find the riskyUsers and riskDetections resource types on the v1.0 endpoint. These APIs enable you to query risk detections and risky users detected by Azure AD Identity Protection, and to take action on risky users.<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/posts\/4901","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/users\/69081"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/comments?post=4901"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/posts\/4901\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/media\/25159"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/media?parent=4901"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/categories?post=4901"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/tags?post=4901"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}