通过UI我指的是Risky sign-ins report in the Azure Active Directory portal。
无法找到如何以编程方式检索“风险登录”报告。好吧,我可以从AAD Graph API(不是Microsoft Graph)找到"old way"。
这是否包含在Microsoft Graph中(我没有找到它)?甚至是别的地方?
Office 365管理API上的活动源似乎通过Audit.AzureActiveDirectory获得原始数据,这有点可笑,但我还没想到会找到那种数据。
答案 0 :(得分:1)
我相信您正在寻找的REST呼叫是GET https://graph.microsoft.com/beta/identityRiskEvents
。响应包括Identity risk event objects列表,如下所示:
{
"@odata.type": "#microsoft.graph.unfamiliarLocationRiskEvent",
"closedDateTime": "2016-01-29T20:03:57.7872426Z",
"createdDateTime": "2016-01-29T00:01:49.126468Z",
"id": "ec50e9fb-9da1-215b-e18c-b7e2a716b2a6-9eaaa2e3-4681-ae31-1eb6-7e46ae11ac89-db69711e-9324-ec99-f010-6e63fb972e98",
"ipAddress": "176.10.104.240",
"location": "Bern, CH",
"riskEventDateTime": "2016-01-29T00:00:56.2255665Z",
"riskEventStatus": "remediated",
"riskLevel": "medium",
"riskType": "UnfamiliarLocationRiskEvent",
"userDisplayName": "Jon Doe",
"userId": "9eaaa2e3-4681-ae31-1eb6-7e46ae11ac89",
"userPrincipalName": "jon@contoso.com"
}
相关文件