Get-MgBetaRiskDetection
Retrieve the properties of a collection of riskDetection objects.
Note
To view the v1.0 release of this cmdlet, view Get-MgRiskDetection
Syntax
Get-MgBetaRiskDetection
[-ExpandProperty <String[]>]
[-Property <String[]>]
[-Filter <String>]
[-Search <String>]
[-Skip <Int32>]
[-Sort <String[]>]
[-Top <Int32>]
[-ResponseHeadersVariable <String>]
[-Headers <IDictionary>]
[-PageSize <Int32>]
[-All]
[-CountVariable <String>]
[-ProgressAction <ActionPreference>]
[<CommonParameters>] Get-MgBetaRiskDetection
-RiskDetectionId <String>
[-ExpandProperty <String[]>]
[-Property <String[]>]
[-ResponseHeadersVariable <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[<CommonParameters>] Get-MgBetaRiskDetection
-InputObject <IIdentitySignInsIdentity>
[-ExpandProperty <String[]>]
[-Property <String[]>]
[-ResponseHeadersVariable <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[<CommonParameters>] Description
Retrieve the properties of a collection of riskDetection objects.
Permissions
| Permission type | Least privileged permissions | Higher privileged permissions |
|---|---|---|
| Delegated (work or school account) | IdentityRiskEvent.Read.All | Not available. |
| Delegated (personal Microsoft account) | Not supported. | Not supported. |
| Application | IdentityRiskEvent.Read.All | Not available. |
Permissions
| Permission type | Least privileged permissions | Higher privileged permissions |
|---|---|---|
| Delegated (work or school account) | IdentityRiskEvent.Read.All | Not available. |
| Delegated (personal Microsoft account) | Not supported. | Not supported. |
| Application | IdentityRiskEvent.Read.All | Not available. |
Examples
Example 1: Get all riskDetections
Connect-MgBetaGraph -Scopes "IdentityRiskEvent.Read.All"
Get-MgBetaRiskDetection -All | Format-Table UserDisplayName, RiskType, RiskLevel, DetectedDateTime
UserDisplayName RiskType RiskLevel DetectedDateTime
--------------- -------- --------- ----------------
Jason Mayer anonymizedIPAddress medium 4/19/2022 10:44:40 PM
Jason Mayer generic medium 4/20/2022 1:16:29 PM
Jason Mayer anonymizedIPAddress high 4/21/2022 9:50:28 PM
Jason Mayer unfamiliarFeatures high 4/21/2022 10:07:33 PM
Jason Mayer unlikelyTravel medium 4/21/2022 10:42:04 PM
Jason Mayer generic medium 4/23/2022 12:52:20 PM
Alice Su unfamiliarFeatures low 5/2/2022 12:01:44 AM
Alice Su unlikelyTravel low 5/2/2022 2:16:22 AMThis command returns a list of all users.
Example 2: Get riskDetections by user displayname
Connect-MgBetaGraph -Scopes "IdentityRiskEvent.Read.All"
Get-MgBetaRiskDetection -Filter "UserDisplayname eq 'Jason Mayer'" | Format-Table UserDisplayName, RiskType, RiskLevel, DetectedDateTime
UserDisplayName RiskType RiskLevel DetectedDateTime
--------------- -------- --------- ----------------
Jason Mayer anonymizedIPAddress medium 4/19/2022 10:44:40 PM
Jason Mayer generic medium 4/20/2022 1:16:29 PM
Jason Mayer anonymizedIPAddress high 4/21/2022 9:50:28 PM
Jason Mayer unfamiliarFeatures high 4/21/2022 10:07:33 PM
Jason Mayer unlikelyTravel medium 4/21/2022 10:42:04 PM
Jason Mayer generic medium 4/23/2022 12:52:20 PMThis command returns all risk detections for the specified user
Example 3: Get riskDetections by risk type
Connect-MgBetaGraph -Scopes "IdentityRiskEvent.Read.All"
Get-MgBetaRiskDetection -Filter "RiskType eq 'anonymizedIPAddress'" | Format-Table UserDisplayName, RiskType, RiskLevel, DetectedDateTime
UserDisplayName RiskType RiskLevel DetectedDateTime
--------------- -------- --------- ----------------
Jason Mayer anonymizedIPAddress high 4/21/2022 9:50:28 PM
Jason Mayer anonymizedIPAddress medium 4/19/2022 10:44:40 PM
Alex Su anonymizedIPAddress high 6/9/2022 4:31:19 AMThis command returns all risk detections for the anonymizedIPAddress risk detection
Example 4: Get all riskDetections for a particular user with high risk
Connect-MgBetaGraph -Scopes "IdentityRiskEvent.Read.All"
Get-MgBetaRiskDetection -Filter "UserDisplayName eq 'Jason Mayer' and Risklevel eq 'high'" | Format-Table UserDisplayName, RiskType, RiskLevel, DetectedDateTime
UserDisplayName RiskType RiskLevel DetectedDateTime
--------------- -------- --------- ----------------
Jason Mayer anonymizedIPAddress high 4/21/2022 9:50:28 PM
Jason Mayer unfamiliarFeatures high 4/21/2022 10:07:33 PMThis command returns all risk detections with high risks for the specified user
Parameters
-All
List all pages.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-CountVariable
Specifies a count of the total number of items in a collection. By default, this variable will be set in the global scope.
| Type: | String |
| Aliases: | CV |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ExpandProperty
Expand related entities
| Type: | String[] |
| Aliases: | Expand |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Filter
Filter items by property values
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Headers
Optional headers that will be added to the request.
| Type: | IDictionary |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-InputObject
Identity Parameter To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
| Type: | IIdentitySignInsIdentity |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-PageSize
Sets the page size of results.
| Type: | Int32 |
| Position: | Named |
| Default value: | 0 |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ProgressAction
{{ Fill ProgressAction Description }}
| Type: | ActionPreference |
| Aliases: | proga |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Property
Select properties to be returned
| Type: | String[] |
| Aliases: | Select |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ResponseHeadersVariable
Optional Response Headers Variable.
| Type: | String |
| Aliases: | RHV |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-RiskDetectionId
The unique identifier of riskDetection
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Search
Search items by search phrases
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Skip
Skip the first n items
| Type: | Int32 |
| Position: | Named |
| Default value: | 0 |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Sort
Order items by property values
| Type: | String[] |
| Aliases: | OrderBy |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Top
Show only the first n items
| Type: | Int32 |
| Aliases: | Limit |
| Position: | Named |
| Default value: | 0 |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
Microsoft.Graph.Beta.PowerShell.Models.IIdentitySignInsIdentity
System.Collections.IDictionary
Outputs
Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphRiskDetection
Notes
COMPLEX PARAMETER PROPERTIES
To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.
INPUTOBJECT <IIdentitySignInsIdentity>: Identity Parameter
[ActivityBasedTimeoutPolicyId <String>]: The unique identifier of activityBasedTimeoutPolicy[AppManagementPolicyId <String>]: The unique identifier of appManagementPolicy[AuthenticationCombinationConfigurationId <String>]: The unique identifier of authenticationCombinationConfiguration[AuthenticationConditionApplicationAppId <String>]: The unique identifier of authenticationConditionApplication[AuthenticationContextClassReferenceId <String>]: The unique identifier of authenticationContextClassReference[AuthenticationEventListenerId <String>]: The unique identifier of authenticationEventListener[AuthenticationEventsFlowId <String>]: The unique identifier of authenticationEventsFlow[AuthenticationMethodConfigurationId <String>]: The unique identifier of authenticationMethodConfiguration[AuthenticationMethodId <String>]: The unique identifier of authenticationMethod[AuthenticationMethodModeDetailId <String>]: The unique identifier of authenticationMethodModeDetail[AuthenticationMethodModes <String-[]>]: Usage: authenticationMethodModes={authenticationMethodModes}[AuthenticationStrengthPolicyId <String>]: The unique identifier of authenticationStrengthPolicy[AuthorizationPolicyId <String>]: The unique identifier of authorizationPolicy[B2CIdentityUserFlowId <String>]: The unique identifier of b2cIdentityUserFlow[B2XIdentityUserFlowId <String>]: The unique identifier of b2xIdentityUserFlow[BitlockerRecoveryKeyId <String>]: The unique identifier of bitlockerRecoveryKey[CertificateBasedAuthConfigurationId <String>]: The unique identifier of certificateBasedAuthConfiguration[ClaimsMappingPolicyId <String>]: The unique identifier of claimsMappingPolicy[ConditionalAccessPolicyId <String>]: The unique identifier of conditionalAccessPolicy[ConditionalAccessTemplateId <String>]: The unique identifier of conditionalAccessTemplate[CrossTenantAccessPolicyConfigurationPartnerTenantId <String>]: The unique identifier of crossTenantAccessPolicyConfigurationPartner[CustomAuthenticationExtensionId <String>]: The unique identifier of customAuthenticationExtension[DataLossPreventionPolicyId <String>]: The unique identifier of dataLossPreventionPolicy[DataPolicyOperationId <String>]: The unique identifier of dataPolicyOperation[DefaultUserRoleOverrideId <String>]: The unique identifier of defaultUserRoleOverride[DirectoryObjectId <String>]: The unique identifier of directoryObject[EmailAuthenticationMethodId <String>]: The unique identifier of emailAuthenticationMethod[FeatureRolloutPolicyId <String>]: The unique identifier of featureRolloutPolicy[Fido2AuthenticationMethodId <String>]: The unique identifier of fido2AuthenticationMethod[GroupId <String>]: The unique identifier of group[HomeRealmDiscoveryPolicyId <String>]: The unique identifier of homeRealmDiscoveryPolicy[IdentityApiConnectorId <String>]: The unique identifier of identityApiConnector[IdentityProviderBaseId <String>]: The unique identifier of identityProviderBase[IdentityProviderId <String>]: The unique identifier of identityProvider[IdentityUserFlowAttributeAssignmentId <String>]: The unique identifier of identityUserFlowAttributeAssignment[IdentityUserFlowAttributeId <String>]: The unique identifier of identityUserFlowAttribute[IdentityUserFlowId <String>]: The unique identifier of identityUserFlow[InformationProtectionLabelId <String>]: The unique identifier of informationProtectionLabel[LongRunningOperationId <String>]: The unique identifier of longRunningOperation[MicrosoftAuthenticatorAuthenticationMethodId <String>]: The unique identifier of microsoftAuthenticatorAuthenticationMethod[MobilityManagementPolicyId <String>]: The unique identifier of mobilityManagementPolicy[MultiTenantOrganizationMemberId <String>]: The unique identifier of multiTenantOrganizationMember[NamedLocationId <String>]: The unique identifier of namedLocation[OAuth2PermissionGrantId <String>]: The unique identifier of oAuth2PermissionGrant[OrganizationId <String>]: The unique identifier of organization[PasswordAuthenticationMethodId <String>]: The unique identifier of passwordAuthenticationMethod[PasswordlessMicrosoftAuthenticatorAuthenticationMethodId <String>]: The unique identifier of passwordlessMicrosoftAuthenticatorAuthenticationMethod[PermissionGrantConditionSetId <String>]: The unique identifier of permissionGrantConditionSet[PermissionGrantPolicyId <String>]: The unique identifier of permissionGrantPolicy[PermissionGrantPreApprovalPolicyId <String>]: The unique identifier of permissionGrantPreApprovalPolicy[PhoneAuthenticationMethodId <String>]: The unique identifier of phoneAuthenticationMethod[PlatformCredentialAuthenticationMethodId <String>]: The unique identifier of platformCredentialAuthenticationMethod[RiskDetectionId <String>]: The unique identifier of riskDetection[RiskyServicePrincipalHistoryItemId <String>]: The unique identifier of riskyServicePrincipalHistoryItem[RiskyServicePrincipalId <String>]: The unique identifier of riskyServicePrincipal[RiskyUserHistoryItemId <String>]: The unique identifier of riskyUserHistoryItem[RiskyUserId <String>]: The unique identifier of riskyUser[SensitivityLabelId <String>]: The unique identifier of sensitivityLabel[SensitivityLabelId1 <String>]: The unique identifier of sensitivityLabel[ServicePrincipalCreationConditionSetId <String>]: The unique identifier of servicePrincipalCreationConditionSet[ServicePrincipalCreationPolicyId <String>]: The unique identifier of servicePrincipalCreationPolicy[ServicePrincipalRiskDetectionId <String>]: The unique identifier of servicePrincipalRiskDetection[SoftwareOathAuthenticationMethodId <String>]: The unique identifier of softwareOathAuthenticationMethod[TemporaryAccessPassAuthenticationMethodId <String>]: The unique identifier of temporaryAccessPassAuthenticationMethod[ThreatAssessmentRequestId <String>]: The unique identifier of threatAssessmentRequest[ThreatAssessmentResultId <String>]: The unique identifier of threatAssessmentResult[TokenIssuancePolicyId <String>]: The unique identifier of tokenIssuancePolicy[TokenLifetimePolicyId <String>]: The unique identifier of tokenLifetimePolicy[TrustFrameworkKeySetId <String>]: The unique identifier of trustFrameworkKeySet[TrustFrameworkKeyV2Kid <String>]: The unique identifier of trustFrameworkKey_v2[TrustFrameworkPolicyId <String>]: The unique identifier of trustFrameworkPolicy[UnifiedRoleManagementPolicyAssignmentId <String>]: The unique identifier of unifiedRoleManagementPolicyAssignment[UnifiedRoleManagementPolicyId <String>]: The unique identifier of unifiedRoleManagementPolicy[UnifiedRoleManagementPolicyRuleId <String>]: The unique identifier of unifiedRoleManagementPolicyRule[UserFlowLanguageConfigurationId <String>]: The unique identifier of userFlowLanguageConfiguration[UserFlowLanguagePageId <String>]: The unique identifier of userFlowLanguagePage[UserId <String>]: The unique identifier of user[WindowsHelloForBusinessAuthenticationMethodId <String>]: The unique identifier of windowsHelloForBusinessAuthenticationMethod