Skip to content

signin-confirmcompromised.md

Latest commit

 

History

History
122 lines (91 loc) · 4.41 KB

signin-confirmcompromised.md

File metadata and controls

122 lines (91 loc) · 4.41 KB
title signIn: confirmCompromised
description Allow admins to mark Microsoft Entra sign-in events as risky for Microsoft Entra ID Protection.
author egreenberg14
ms.localizationpriority medium
ms.subservice entra-monitoring-health
doc_type apiPageType
ms.date 04/04/2024

signIn: confirmCompromised

Namespace: microsoft.graph

[!INCLUDE beta-disclaimer]

Allow admins to mark an event in the Microsoft Entra sign-in logs as risky. Events marked as risky by an admin are immediately flagged as high risk in Microsoft Entra ID Protection, overriding previous risk states. Admins can confirm that events flagged as risky by Microsoft Entra ID Protection are in fact risky.

For details about investigating Identity Protection risks, see How to investigate risk.

[!INCLUDE national-cloud-support]

Permissions

Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.

[!INCLUDE permissions-table]

[!INCLUDE rbac-signin-apis-write]

HTTP request

POST /auditLogs/signIns/confirmCompromised

Request headers

Name Description
Authorization Bearer {token}. Required. Learn more about authentication and authorization.
Content-Type application/json. Required.

Request body

In the request body, supply JSON representation of the parameters.

The following table shows the parameters that can be used with this action.

Parameter Type Description
requestIds String collection The IDs of the sign in events that should be marked risky for Microsoft Entra ID Protection.

Response

If successful, this action returns a 204 No Content response code.

Examples

Request

HTTP

POST https://graph.microsoft.com/beta/auditLogs/signIns/confirmCompromised
Content-Type: application/json

{
  "requestIds": [
    "f01c6af6-6683-4a37-a945-0a925501eede",
    "42bf60ac-d0cb-4206-aa5c-101884298f55",
    "f09c8f14-8d8e-42cf-8a7e-732b0594e79b"
  ]
}

C#

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Go

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Java

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

JavaScript

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

PHP

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

PowerShell

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Python

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Response

HTTP/1.1 204 No Content