ESC
Type to search...
Navigate Open ESC Close

IdentityRiskyAgent.ReadWrite.All

Export JSON
Export CSV
Copy URL
Print
ApplicationDelegated Read/Write All Resources

Allows the app to read and update risky agents information in your organization without a signed-in user.

Permission data: April 6, 2026 at 4:06 AM UTC
Delegated Access App-Only Access

Permission Details

Application Permission

Read and write risky agents information

Allows the app to read and update risky agents information in your organization without a signed-in user.

Permission ID: dca4e4fd-a7cf-4e6f-86d1-d1ec094d766e
Delegated Permission Admin consent required

Read and write risky agents information

Allows the app to read and update identity risky agents information for all agents in your organization on behalf of the signed-in user. Update operations include dismissing risky agents.

User sees: Allows the app to read and update identity risky agents information for all agents in your organization on your behalf. Update operations include dismissing risky agents.
Permission ID: d343bdeb-db6a-4e06-97da-9dafc2d61c60

Properties

Microsoft Graph beta endpoint-derived-docs

Properties is shown from beta metadata because a stable v1.0 schema is not available for this resource mapping.

Property Type Description
agentDisplayName StringNullable Name of the agent. , , Supports $filter (eq, startsWith).
blueprintId String The identifier of the blueprint associated with the agent. Nullable.
id String The object id of the riskyAgentIdentity, riskyAgentIdentityBlueprintPrincipal or riskyAgentUser. Inherited from entity. , , Supports $filter (eq, startsWith).
identityType agentIdentityType The type of agent identity. The possible values are: agentIdentity, agentUser, unknownFutureValue, agentIdentityBlueprintPrincipal. You must use the Prefer: include-unknown-enum-members request header to get the following value in this evolvable enum: agentIdentityBlueprintPrincipal. Required. , , Supports $filter (eq).
isDeleted Boolean Indicates whether the agent is deleted.
isEnabled Boolean Indicates whether the agent is enabled.
isProcessing Boolean Indicates whether an agent's risky state is processing in the backend.
riskDetail riskDetail Details of the detected risk of the agent. , , Supports $filter (eq).
riskLastModifiedDateTime DateTimeOffsetNullable The date and time that the risky agent was last updated. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. , , Supports $filter (eq, le, and ge).
riskLevel riskLevel Level of the detected risky agent. The possible values are: low, medium, high, hidden, none, unknownFutureValue. , , Supports $filter (eq).
riskState riskState State of the agent's risk. The possible values are: none, confirmedSafe, dismissed, atRisk, confirmedCompromised, unknownFutureValue. , , Supports $filter (eq).

JSON Representation

Microsoft Graph beta endpoint-derived-docs

JSON representation is shown from beta metadata because a stable v1.0 schema is not available for this resource mapping.

JSON representation 
{
  "@odata.type": "#microsoft.graph.riskyAgent",
  "id": "String (identifier)",
  "agentDisplayName": "String",
  "blueprintId": "String",
  "identityType": "String",
  "isDeleted": "Boolean",
  "isEnabled": "Boolean",
  "isProcessing": "Boolean",
  "riskLastModifiedDateTime": "String (timestamp)",
  "riskState": "String",
  "riskLevel": "String",
  "riskDetail": "String"
}

Relationships

Microsoft Graph beta schema-derived

Relationships is shown from beta metadata because a stable v1.0 schema is not available for this resource mapping.

Relationship Type Description
identityType agentIdentityType Related identityType data exposed by this resource.
riskDetail riskDetail Related riskDetail data exposed by this resource.
riskLevel riskLevel Related riskLevel data exposed by this resource.
riskState riskState Related riskState data exposed by this resource.

Graph Methods

Delegated access App-only access
Exact Microsoft Learn match

Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

No API methods available for this version.

Exact Microsoft Learn match

Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
POST /identityProtection/riskyAgents/confirmCompromised
POST /identityProtection/riskyAgents/confirmSafe
POST /identityProtection/riskyAgents/dismiss
Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell v1.0 commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

No deterministic PowerShell command map is available for this permission.

Browse PowerShell docs
Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell beta commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
Invoke-MgBetaDismissRiskyAgent /identityProtection/riskyAgents/dismiss
riskyAgent: dismiss

Code Examples

C# / .NET SDK
riskyAgent: confirmCompromised
View official example on Microsoft Learn
// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Beta.IdentityProtection.RiskyAgents.ConfirmCompromised;

var requestBody = new ConfirmCompromisedPostRequestBody
{
	AgentIds = new List<string>
	{
		"29f270bb-4d23-4f68-8a57-dc73dc0d4caf",
		"20f91ec9-d140-4d90-9cd9-f618587a1471",
	},
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
await graphClient.IdentityProtection.RiskyAgents.ConfirmCompromised.PostAsync(requestBody);
JavaScript
riskyAgent: confirmCompromised
View official example on Microsoft Learn
const options = {
	authProvider,
};

const client = Client.init(options);

const confirmCompromised = {
  agentIds: [
    '29f270bb-4d23-4f68-8a57-dc73dc0d4caf',
    '20f91ec9-d140-4d90-9cd9-f618587a1471'
  ]
};

await client.api('/identityProtection/riskyAgents/confirmCompromised')
	.version('beta')
	.post(confirmCompromised);
PowerShell
riskyAgent: confirmCompromised
View official example on Microsoft Learn
Import-Module Microsoft.Graph.Beta.Identity.SignIns

$params = @{
	agentIds = @(
	"29f270bb-4d23-4f68-8a57-dc73dc0d4caf"
"20f91ec9-d140-4d90-9cd9-f618587a1471"
)
}

Confirm-MgBetaRiskyAgentCompromised -BodyParameter $params
Python
riskyAgent: confirmCompromised
View official example on Microsoft Learn
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.identityprotection.riskyagents.confirm_compromised.confirm_compromised_post_request_body import ConfirmCompromisedPostRequestBody
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = ConfirmCompromisedPostRequestBody(
	agent_ids = [
		"29f270bb-4d23-4f68-8a57-dc73dc0d4caf",
		"20f91ec9-d140-4d90-9cd9-f618587a1471",
	],
)

await graph_client.identity_protection.risky_agents.confirm_compromised.post(request_body)

App Registration

1

Navigate to Azure Portal

Go to App registrations in Microsoft Entra admin center

2

Add API Permission

Select your app → API permissions → Add a permission → Microsoft Graph

3

Select Permission Type

Choose Application permissions or delegated permissions and search for IdentityRiskyAgent.ReadWrite.All

4

Grant Admin Consent

Application permissions always require admin consent.