IdentityRiskyServicePrincipal.Read.All
Allows the app to read all risky service principal information for your organization, without a signed-in user.
Permission Details
Read all identity risky service principal information
Allows the app to read all risky service principal information for your organization, without a signed-in user.
607c7344-0eed-41e5-823a-9695ebe1b7b0
Read all identity risky service principal information
Allows the app to read all identity risky service principal information for your organization, on behalf of the signed-in user.
ea5c4ab0-5a73-4f35-8272-5d5337884e5d
Properties
Properties is shown from stable Microsoft Graph v1.0 metadata.
| Property | Type | Description |
|---|---|---|
appId |
StringNullable |
The globally unique identifier for the associated application (its appId property), if any. |
displayName |
StringNullable |
The display name for the service principal. |
id |
String |
The unique identifier assigned to the service principal at risk. Inherited from entity. |
isEnabled |
BooleanNullable |
true if the service principal account is enabled; otherwise, false. |
isProcessing |
BooleanNullable |
Indicates whether Microsoft Entra ID is currently processing the service principal's risky state. |
riskDetail |
riskDetail |
Details of the detected risk. , Note: Details for this property are only available for Workload Identities Premium customers. Events in tenants without this license will be returned hidden. |
riskLastUpdatedDateTime |
DateTimeOffsetNullable |
The date and time that the risk state was last updated. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2021 is 2021-01-01T00:00:00Z. Supports $filter (eq). |
riskLevel |
riskLevel |
Level of the detected risky workload identity. The possible values are: low, medium, high, hidden, none, unknownFutureValue. Supports $filter (eq). |
riskState |
riskState |
State of the service principal's risk. The possible values are: none, confirmedSafe, remediated, dismissed, atRisk, confirmedCompromised, unknownFutureValue. |
servicePrincipalType |
StringNullable |
Identifies whether the service principal represents an Application, a ManagedIdentity, or a legacy application (socialIdp). This is set by Microsoft Entra ID internally and is inherited from servicePrincipal. |
history |
riskyServicePrincipalHistoryItem collection |
Represents the risk history of Microsoft Entra service principals. |
JSON Representation
JSON representation is shown from stable Microsoft Graph v1.0 metadata.
{
"@odata.type": "#microsoft.graph.riskyServicePrincipal",
"id": "String (identifier)",
"isEnabled": "Boolean",
"isProcessing": "Boolean",
"riskLastUpdatedDateTime": "String (timestamp)",
"riskLevel": "String",
"riskState": "String",
"riskDetail": "String",
"displayName": "String",
"appId": "String",
"servicePrincipalType": "String"
}Relationships
Relationships is shown from stable Microsoft Graph v1.0 metadata.
| Relationship | Type | Description |
|---|---|---|
history |
riskyServicePrincipalHistoryItem collection |
Represents the risk history of Microsoft Entra service principals. |
Graph Methods
Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.
Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.
Microsoft Graph PowerShell v1.0 commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.
Microsoft Graph PowerShell beta commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.
Code Examples
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityProtection.RiskyServicePrincipals["{riskyServicePrincipal-id}"].GetAsync();const options = {
authProvider,
};
const client = Client.init(options);
let riskyServicePrincipal = await client.api('/identityProtection/riskyServicePrincipals/9089a539-a539-9089-39a5-899039a58990')
.get();Import-Module Microsoft.Graph.Identity.SignIns
Get-MgRiskyServicePrincipal -RiskyServicePrincipalId $riskyServicePrincipalId# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
result = await graph_client.identity_protection.risky_service_principals.by_risky_service_principal_id('riskyServicePrincipal-id').get()App Registration
Navigate to Azure Portal
Go to App registrations in Microsoft Entra admin center
Add API Permission
Select your app → API permissions → Add a permission → Microsoft Graph
Select Permission Type
Choose Application permissions or delegated permissions and search for IdentityRiskyServicePrincipal.Read.All
Grant Admin Consent
Application permissions always require admin consent.