| title | riskDetail enum type |
|---|---|
| description | Represents the reason behind a specific state of a risky user, sign-in, service principal, or agent. |
| author | FaithOmbongi |
| ms.localizationpriority | medium |
| ms.date | 11/28/2025 |
| ms.subservice | entra-sign-in |
| doc_type | enumPageType |
Namespace: microsoft.graph
[!INCLUDE beta-disclaimer]
Represents the reason behind a specific state of a risky user, sign-in, service principal, or agent. This enumeration is used by multiple resources.
This enumeration is used by multiple resources. The possible values are: none, adminGeneratedTemporaryPassword, userPerformedSecuredPasswordChange, userPerformedSecuredPasswordReset, adminConfirmedSigninSafe, aiConfirmedSigninSafe, userPassedMFADrivenByRiskBasedPolicy, adminDismissedAllRiskForUser, adminConfirmedSigninCompromised, hidden, adminConfirmedUserCompromised, unknownFutureValue, adminConfirmedServicePrincipalCompromised, adminDismissedAllRiskForServicePrincipal, m365DAdminDismissedDetection, userChangedPasswordOnPremises, adminDismissedRiskForSignIn, adminConfirmedAccountSafe, adminConfirmedAgentSafe, adminConfirmedAgentCompromised, adminDismissedRiskForAgent, microsoftRevokedSessions. Use the Prefer: include-unknown-enum-members request header to get the following value(s) in this evolvable enum: adminConfirmedServicePrincipalCompromised, adminDismissedAllRiskForServicePrincipal, m365DAdminDismissedDetection, userChangedPasswordOnPremises, adminDismissedRiskForSignIn, adminConfirmedAccountSafe, adminConfirmedAgentSafe, adminConfirmedAgentCompromised, adminDismissedRiskForAgent, microsoftRevokedSessions.
| Member | Description |
|---|---|
| none | No details are available for the risk state. Applies to: |
| adminGeneratedTemporaryPassword | An admin generated a temporary password for the user. Applies to: |
| userPerformedSecuredPasswordChange | The user performed a secure password change. Applies to: |
| userPerformedSecuredPasswordReset | The user performed a secure password reset. Applies to: |
| adminConfirmedSigninSafe | An admin confirmed the sign-in as safe. Applies to: |
| aiConfirmedSigninSafe | AI confirmed the sign-in as safe. Applies to: |
| userPassedMFADrivenByRiskBasedPolicy | The user passed multifactor authentication (MFA) driven by a risk-based policy. Applies to: |
| adminDismissedAllRiskForUser | An admin dismissed all risk for the user. Applies to: |
| adminConfirmedSigninCompromised | An admin confirmed the sign-in as compromised. Applies to: |
| hidden | The risk state is hidden. Applies to: |
| adminConfirmedUserCompromised | An admin confirmed the user as compromised. Applies to: |
| unknownFutureValue | Evolvable enumeration sentinel value. Don't use. Applies to: |
| adminConfirmedServicePrincipalCompromised | An admin confirmed the service principal as compromised. Applies to: |
| adminDismissedAllRiskForServicePrincipal | An admin dismissed all risk for the service principal. Applies to: |
| m365DAdminDismissedDetection | A Microsoft Defender XDR admin dismissed the detection. Applies to: |
| userChangedPasswordOnPremises | The user changed their password on-premises. Applies to: |
| adminDismissedRiskForSignIn | An admin dismissed the risk for the sign-in. Applies to: |
| adminConfirmedAccountSafe | An admin confirmed the account as safe. Applies to: |
| adminConfirmedAgentSafe | An admin confirmed the agent as safe. Applies to: |
| adminConfirmedAgentCompromised | An admin confirmed the agent as compromised. Applies to: |
| adminDismissedRiskForAgent | An admin dismissed the risk for the agent. Applies to: |
| microsoftRevokedSessions | Microsoft revoked the user's sessions. Applies to: |
The following JSON representation shows the resource type.
{
"@odata.type": "#microsoft.graph.riskDetail"
}