通过Microsoft Graph报告危险的登录信息

Question

通过UI我指的是Risky sign-ins report in the Azure Active Directory portal。

无法找到如何以编程方式检索“风险登录”报告。好吧，我可以从AAD Graph API（不是Microsoft Graph）找到"old way"。

这是否包含在Microsoft Graph中（我没有找到它）？甚至是别的地方？

Office 365管理API上的活动源似乎通过Audit.AzureActiveDirectory获得原始数据，这有点可笑，但我还没想到会找到那种数据。

Answer 1

我相信您正在寻找的REST呼叫是GET https://graph.microsoft.com/beta/identityRiskEvents。响应包括Identity risk event objects列表，如下所示：

{
  "@odata.type": "#microsoft.graph.unfamiliarLocationRiskEvent",
  "closedDateTime": "2016-01-29T20:03:57.7872426Z",
  "createdDateTime": "2016-01-29T00:01:49.126468Z",
  "id": "ec50e9fb-9da1-215b-e18c-b7e2a716b2a6-9eaaa2e3-4681-ae31-1eb6-7e46ae11ac89-db69711e-9324-ec99-f010-6e63fb972e98",
  "ipAddress": "176.10.104.240",
  "location": "Bern, CH",
  "riskEventDateTime": "2016-01-29T00:00:56.2255665Z",
  "riskEventStatus": "remediated",
  "riskLevel": "medium",
  "riskType": "UnfamiliarLocationRiskEvent",
  "userDisplayName": "Jon Doe",
  "userId": "9eaaa2e3-4681-ae31-1eb6-7e46ae11ac89",
  "userPrincipalName": "jon@contoso.com"
}

相关文件

• Get started with Azure Active Directory Identity Protection and Microsoft Graph
• https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/api/identityriskevent_list