| title | reportSuspiciousActivitySettings resource type |
|---|---|
| description | Report suspicious activity enables users in the tenant to report multifactor authentication prompts as suspicious, indicating the user's credentials may have been compromised. |
| author | gregkmsft |
| ms.reviewer | intelligentaccesspm |
| ms.localizationpriority | medium |
| ms.subservice | entra-sign-in |
| doc_type | resourcePageType |
| ms.date | 04/03/2024 |
Namespace: microsoft.graph
[!INCLUDE beta-disclaimer]
Defines the report suspicious activity settings for the tenant, whether it's enabled and which group of users is enabled for use. Report suspicious activity enables users to report a suspicious voice or phone app notification multifactor authentication prompt as suspicious. These users have their user risk set to high, and a risk detection riskEventType of userReportedSuspiciousActivity is emitted.
| Property | Type | Description |
|---|---|---|
| includeTarget | includeTarget | Group IDs in scope for report suspicious activity. |
| state | advancedConfigState | Specifies the state of the reportSuspiciousActivitySettings object. The possible values are: default, enabled, disabled, unknownFutureValue. Setting to default results in a disabled state. |
| voiceReportingCode | Int32 | Specifies the number the user enters on their phone to report the MFA prompt as suspicious. |
None.
The following JSON representation shows the resource type.
{
"@odata.type": "#microsoft.graph.reportSuspiciousActivitySettings",
"includeTarget": {
"@odata.type": "microsoft.graph.includeTarget"
},
"voiceReportingCode": "Integer",
"state": "String"
}