Merge pull request #28459 from microsoftgraph/jiayle/doc-update-idp-for-agents

Add documentation for Blueprint ID and Source for IdentityProtection for Agents

Author: Lauragra

api-reference/beta/api/agentriskdetection-get.md

@@ -120,6 +120,7 @@ Content-Type: application/json
     "id": "1e384c2b0799b01834c0f886560a9a64e433135fe5b8607c535ebbfb03d2ee67",
     "agentId": "229da549-7a91-4365-900f-d4ef49a759a0",
     "agentDisplayName": "Ask HR Agent Identity",
+    "blueprintId": "b3390471-68c5-466a-9ac2-b93e2a454532",
     "identityType": "agentIdentity",
     "activityDateTime": "2025-07-30T15:38:56.9594972Z",
     "detectedDateTime": "2025-07-30T15:38:56.9594972Z",
@@ -130,7 +131,8 @@ Content-Type: application/json
     "riskState": "atRisk",
     "riskEventType": "unfamiliarResourceAccess",
     "riskEvidence": "Agent targeted resources that it does not usually access.",
-    "additionalInfo": ""
+    "additionalInfo": "",
+    "source": "activeDirectory"
   }
 }
 ```

api-reference/beta/api/identityprotectionroot-list-agentriskdetections.md

@@ -121,6 +121,7 @@ Content-Type: application/json
 			"id": "1e384c2b0799b01834c0f886560a9a64e433135fe5b8607c535ebbfb03d2ee67",
 			"agentId": "229da549-7a91-4365-900f-d4ef49a759a0",
 			"agentDisplayName": "Copilot Application",
+			"blueprintId": "b3390471-68c5-466a-9ac2-b93e2a454532",
 			"identityType": "agentIdentity",
 			"activityDateTime": "2025-07-30T15:38:56.9594972Z",
 			"detectedDateTime": "2025-07-30T15:38:56.9594972Z",
@@ -131,7 +132,8 @@ Content-Type: application/json
 			"riskState": "atRisk",
 			"riskEventType": "unfamiliarResourceAccess",
 			"riskEvidence": "Agent targeted resources that it does not usually access.",
-			"additionalInfo": ""
+			"additionalInfo": "",
+			"source": "activeDirectory"
     }
   ]
 }

api-reference/beta/api/riskyagent-get.md

@@ -119,6 +119,7 @@ Content-Type: application/json
     "@odata.type": "#microsoft.graph.riskyAgentUser",
     "id": "229da549-7a91-4365-900f-d4ef49a759a0",
     "agentDisplayName": "RiskyUserFirstPartyApp2",
+    "blueprintId": "b3390471-68c5-466a-9ac2-b93e2a454532",
     "identityType": "agentUser",
     "isDeleted": false,
     "isEnabled": true,

api-reference/beta/api/riskyagent-list.md

@@ -120,6 +120,7 @@ Content-Type: application/json
       "@odata.type": "#microsoft.graph.riskyAgentUser",
       "id": "ccdc88ee-d0bb-86b5-3500-1d38195c4d6f",
       "agentDisplayName": "RiskyUserFirstPartyApp2",
+      "blueprintId": "b3390471-68c5-466a-9ac2-b93e2a454532",
       "identityType": "agentUser",
       "isDeleted": false,
       "isEnabled": true,

api-reference/beta/resources/agentriskdetection.md

@@ -31,6 +31,7 @@ Inherits from [entity](../resources/entity.md).
 |additionalInfo|String|Additional information associated with the risk detection.|
 |agentDisplayName|String|Name of the agent. <br/><br/> Supports `$filter` (`eq`, `startsWith`).|
 |agentId|String|The unique identifier for the agent. This is equivalent to 'id' to the specific agent type. See [riskyAgentIdentity](../resources/riskyagentidentity.md), [riskyAgentIdentityBlueprintPrincipal](../resources/riskyagentidentityblueprintprincipal.md), and [riskyAgentUser](../resources/riskyagentuser.md). <br/><br/> Supports `$filter` (`eq`, `startsWith`).|
+|blueprintId|String|The identifier of the [blueprint](../resources/agentidentityblueprint.md) associated with the agent. Nullable.|
 |detectedDateTime|DateTimeOffset|Date and time that the risk was detected. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. <br/><br/> Supports `$filter` (`eq`, `le`, and `ge`).|
 |detectionTimingType|riskDetectionTimingType|Timing of the detected risk (real-time/offline). The possible values are: `notDefined`, `realtime`, `nearRealtime`, `offline`, `unknownFutureValue`.|
 |id|String| Unique ID of the risk detection. Inherited from [entity](../resources/entity.md).
@@ -41,6 +42,7 @@ Inherits from [entity](../resources/entity.md).
 |riskEvidence|String|Evidence on the risky activity occurred. <br/><br/> Supports `$filter` (`eq`).|
 |riskLevel|riskLevel|Level of the detected risk. The possible values are: `low`, `medium`, `high`, `hidden`, `none`, `unknownFutureValue`. <br/><br/> Supports `$filter` (`eq`).|
 |riskState|riskState|The state of a detected agentic risk. The possible values are: `none`, `confirmedSafe`, `dismissed`, `atRisk`, `confirmedCompromised`, `unknownFutureValue`. <br/><br/> Supports `$filter` (`eq`).|
+|source|String|The source system that generated the risk detection. Nullable.|
 
 ## Relationships
 None.
@@ -61,6 +63,7 @@ The following JSON representation shows the resource type.
   "id": "String (identifier)",
   "agentId": "String",
   "agentDisplayName": "String",
+  "blueprintId": "String",
   "identityType": "String",
   "activityDateTime": "String (timestamp)",
   "detectedDateTime": "String (timestamp)",
@@ -71,7 +74,8 @@ The following JSON representation shows the resource type.
   "riskState": "String",
   "riskEventType": "String",
   "riskEvidence": "String",
-  "additionalInfo": "String"
+  "additionalInfo": "String",
+  "source": "String"
 }
 ```
 

api-reference/beta/resources/riskyagent.md

@@ -31,6 +31,7 @@ Inherits from [entity](../resources/entity.md).
 |Property|Type|Description|
 |:---|:---|:---|
 |agentDisplayName|String|Name of the agent. <br/><br/> Supports `$filter` (`eq`, `startsWith`).
+|blueprintId|String|The identifier of the [blueprint](../resources/agentidentityblueprint.md) associated with the agent. Nullable.|
 |id|String|The object **id** of the [riskyAgentIdentity](../resources/riskyagentidentity.md), [riskyAgentIdentityBlueprintPrincipal](../resources/riskyagentidentityblueprintprincipal.md) or [riskyAgentUser](../resources/riskyagentuser.md). Inherited from [entity](../resources/entity.md). <br/><br/> Supports `$filter` (`eq`, `startsWith`).
 |identityType|[agentIdentityType](agentidentitytype.md)|The type of agent identity. The possible values are: `agentIdentity`, `agentUser`, `unknownFutureValue`, `agentIdentityBlueprintPrincipal`. You must use the `Prefer: include-unknown-enum-members` request header to get the following value in this evolvable enum: `agentIdentityBlueprintPrincipal`. Required. <br/><br/> Supports `$filter` (`eq`).|
 |isDeleted|Boolean|Indicates whether the agent is deleted.|
@@ -58,6 +59,7 @@ The following JSON representation shows the resource type.
   "@odata.type": "#microsoft.graph.riskyAgent",
   "id": "String (identifier)",
   "agentDisplayName": "String",
+  "blueprintId": "String",
   "identityType": "String",
   "isDeleted": "Boolean",
   "isEnabled": "Boolean",

changelog/Microsoft.IdentityProtectionServices.json

@@ -1,5 +1,39 @@
 {
   "changelog": [
+    {
+      "ChangeList": [
+        {
+          "Id": "64db359a-9279-46f0-8afe-b37bb1f7ea3c",
+          "ApiChange": "Property",
+          "ChangedApiName": "blueprintId",
+          "ChangeType": "Addition",
+          "Description": "Added the **blueprintId** property to the [agentRiskDetection](https://learn.microsoft.com/en-us/graph/api/resources/agentriskdetection?view=graph-rest-beta) resource.",
+          "Target": "agentRiskDetection"
+        },
+        {
+          "Id": "64db359a-9279-46f0-8afe-b37bb1f7ea3c",
+          "ApiChange": "Property",
+          "ChangedApiName": "source",
+          "ChangeType": "Addition",
+          "Description": "Added the **source** property to the [agentRiskDetection](https://learn.microsoft.com/en-us/graph/api/resources/agentriskdetection?view=graph-rest-beta) resource.",
+          "Target": "agentRiskDetection"
+        },
+        {
+          "Id": "64db359a-9279-46f0-8afe-b37bb1f7ea3c",
+          "ApiChange": "Property",
+          "ChangedApiName": "blueprintId",
+          "ChangeType": "Addition",
+          "Description": "Added the **blueprintId** property to the [riskyAgent](https://learn.microsoft.com/en-us/graph/api/resources/riskyagent?view=graph-rest-beta) resource.",
+          "Target": "riskyAgent"
+        }
+      ],
+      "Id": "64db359a-9279-46f0-8afe-b37bb1f7ea3c",
+      "Cloud": "Prod",
+      "Version": "beta",
+      "CreatedDateTime": "2026-03-18T23:32:20.7694567Z",
+      "WorkloadArea": "Identity and access",
+      "SubArea": "Identity and sign-in"
+    },
     {
       "ChangeList": [
         {
@@ -34,7 +68,7 @@
       "WorkloadArea": "Identity and access",
       "SubArea": "Identity and sign-in"
     },
-        {
+    {
       "ChangeList": [
         {
           "Id": "06d86e7b-9fb6-48a1-aeb3-dfaadb79d9f9",
@@ -2023,6 +2057,6 @@
       "CreatedDateTime": "2025-11-18T21:09:42.1591906Z",
       "WorkloadArea": "Agents",
       "SubArea": ""
-    }    
+    }
   ]
-}
+}

concepts/whats-new-overview.md

@@ -65,6 +65,33 @@ Manage Teams apps at the channel level within a team using the following APIs:
 
 Introducing new [Follow user](/graph/api/storyline-follow?view=graph-rest-beta&preserve-view=true), [Unfollow user](/graph/api/storyline-unfollow?view=graph-rest-beta&preserve-view=true), [List Followers](/graph/api/storyline-list-followers?view=graph-rest-beta&preserve-view=true), [List Following](/graph/api/storyline-list-followings?view=graph-rest-beta&preserve-view=true) APIs for Viva Engage to manage storyline following relationships.
 
+Added support for the `DELETE /groups/{group-id}/drive/items/{item-id}/retentionLabel`, `DELETE /me/drive/items/{item-id}/retentionLabel`, and `DELETE /users/{user-id}/drive/items/{item-id}/retentionLabel` endpoints to the [driveItem: removeRetentionLabel](/graph/api/driveitem-removeretentionlabel?view=graph-rest-beta&preserve-view=true) API.
+
+### Files | File storage container
+
+[Archive](/graph/api/filestoragecontainer-archive?view=graph-rest-beta&preserve-view=true) or [unarchive](/graph/api/filestoragecontainer-unarchive?view=graph-rest-beta&preserve-view=true) a SharePoint Embedded storage container.
+
+### Identity and access | Governance
+
+- Added **privilegeLevel** as a property on [accessPackageCatalog](/graph/api/resources/accesspackagecatalog?view=graph-rest-beta&preserve-view=true). This value represents the privilege level of the access package catalogs.
+- Added the [targetAgentIdentitySponsorsOrOwners](/graph/api/resources/targetagentidentitysponsorsorowners?view=graph-rest-beta&preserve-view=true) resource type that defines the sponsors or owners of a specific agent identity.
+
+### Identity and access | Identity and sign-in
+
+- Added the **blueprintId** property to the [agentRiskDetection](/graph/api/resources/agentriskdetection?view=graph-rest-beta&preserve-view=true) resource.
+- Added the **source** property to the [agentRiskDetection](/graph/api/resources/agentriskdetection?view=graph-rest-beta&preserve-view=true) resource.
+- Added the **blueprintId** property to the [riskyAgent](/graph/api/resources/riskyagent?view=graph-rest-beta&preserve-view=true) resource.
+
+### Identity and access | Network access
+
+- Added the **homeTenantId**, **crossTenantAccessType**, and **deviceJoinType** properties to the [connection](/graph/api/resources/networkaccess-connection?view=graph-rest-beta&preserve-view=true) resource to support Bring Your Own Device (BYOD) and Business-to-Business (B2B) collaboration scenarios in Global Secure Access traffic connection logs.
+- Added the [crossTenantAccessType](/graph/api/resources/networkaccess-crosstenantaccesstype?view=graph-rest-beta&preserve-view=true) enumeration type.
+- Added the [deviceJoinType](/graph/api/resources/networkaccess-devicejointype?view=graph-rest-beta&preserve-view=true) enumeration type.
+- Added the Cloud Firewall APIs to manage firewall policies, rules, and policy links for Microsoft Entra Global Secure Access. Use the following new resources and their associated APIs:
+  - Use the [cloudFirewallPolicy](/graph/api/resources/networkaccess-cloudfirewallpolicy?view=graph-rest-beta&preserve-view=true) resource and its associated methods to create and manage cloud firewall policies.
+  - Use the [cloudFirewallRule](/graph/api/resources/networkaccess-cloudfirewallrule?view=graph-rest-beta&preserve-view=true) resource and its associated methods to define firewall rules with source and destination matching conditions.
+  - Use the [cloudFirewallPolicyLink](/graph/api/resources/networkaccess-cloudfirewallpolicylink?view=graph-rest-beta&preserve-view=true) resource and its associated methods to link cloud firewall policies to filtering profiles.
+
 ### Calendars | Places
 
 - Added a known issue of RBAC in [Places update API](/graph/api/place-update): update requests may still succeed without *Exchange Administrator* role but result in unexpected behaviors.