Use the Azure AD identity protection API (preview)


APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported.

You can use Microsoft Graph to query the identityRiskEvent resource for each type of risk event detected by Azure AD Identity Protection. These events are available to customers with Azure AD Premium P2. A subset of events is available to customers with Azure AD Premium P1.

Use the following operations to get these events and associated information:

Method Return Type Description
List identityRiskEvent identityRiskEvent Get identityRiskEvent collection.
Get identityRiskEvent identityRiskEvent Get identityRiskEvent object.
List anonymousIpRiskEvent anonymousIpRiskEvent Get anonymousIpRiskEvent collection.
Get anonymousIpRiskEvent anonymousIpRiskEvent Get anonymousIpRiskEvent object.
List impossibleTravelRiskEvent impossibleTravelRiskEvent Get impossibleTravelRiskEvent collection.
Get impossibleTravelRiskEvent impossibleTravelRiskEvent Get impossibleTravelRiskEvent object.
List leakedCredentialsRiskEvent leakedCredentialsRiskEvent Get leakedCredentialsRiskEvent collection.
Get leakedCredentialsRiskEvent leakedCredentialsRiskEvent Get leakedCredentialsRiskEvent object.
List malwareRiskEvent malwareRiskEvent Get malwareRiskEvent collection.
Get malwareRiskEvent malwareRiskEvent Get malwareRiskEvent object.
List suspiciousIpRiskEvent suspiciousIpRiskEvent Get suspiciousIpRiskEvent collection.
Get suspiciousIpRiskEvent suspiciousIpRiskEvent Get suspiciousIpRiskEvent object.
List unfamiliarLocationRiskEvent unfamiliarLocationRiskEvent Get unfamiliarLocationRiskEvent collection.
Get unfamiliarLocationRiskEvent unfamiliarLocationRiskEvent Get unfamiliarLocationRiskEvent object.

See also