IdentityRiskyServicePrincipal.ReadWrite.All
Allows the app to read and update identity risky service principal for your organization, without a signed-in user.
Permission Details
Read and write all identity risky service principal information
Allows the app to read and update identity risky service principal for your organization, without a signed-in user.
cb8d6980-6bcb-4507-afec-ed6de3a2d798
Read and write all identity risky service principal information
Allows the app to read and update identity risky service principal information for all service principals in your organization, on behalf of the signed-in user. Update operations include dismissing risky service principals.
bb6f654c-d7fd-4ae3-85c3-fc380934f515
Properties
Properties is shown from stable Microsoft Graph v1.0 metadata.
| Property | Type | Description |
|---|---|---|
appId |
StringNullable |
The globally unique identifier for the associated application (its appId property), if any. |
displayName |
StringNullable |
The display name for the service principal. |
id |
String |
The unique identifier assigned to the service principal at risk. Inherited from entity. |
isEnabled |
BooleanNullable |
true if the service principal account is enabled; otherwise, false. |
isProcessing |
BooleanNullable |
Indicates whether Microsoft Entra ID is currently processing the service principal's risky state. |
riskDetail |
riskDetail |
Details of the detected risk. , Note: Details for this property are only available for Workload Identities Premium customers. Events in tenants without this license will be returned hidden. |
riskLastUpdatedDateTime |
DateTimeOffsetNullable |
The date and time that the risk state was last updated. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2021 is 2021-01-01T00:00:00Z. Supports $filter (eq). |
riskLevel |
riskLevel |
Level of the detected risky workload identity. The possible values are: low, medium, high, hidden, none, unknownFutureValue. Supports $filter (eq). |
riskState |
riskState |
State of the service principal's risk. The possible values are: none, confirmedSafe, remediated, dismissed, atRisk, confirmedCompromised, unknownFutureValue. |
servicePrincipalType |
StringNullable |
Identifies whether the service principal represents an Application, a ManagedIdentity, or a legacy application (socialIdp). This is set by Microsoft Entra ID internally and is inherited from servicePrincipal. |
history |
riskyServicePrincipalHistoryItem collection |
Represents the risk history of Microsoft Entra service principals. |
JSON Representation
JSON representation is shown from stable Microsoft Graph v1.0 metadata.
{
"@odata.type": "#microsoft.graph.riskyServicePrincipal",
"id": "String (identifier)",
"isEnabled": "Boolean",
"isProcessing": "Boolean",
"riskLastUpdatedDateTime": "String (timestamp)",
"riskLevel": "String",
"riskState": "String",
"riskDetail": "String",
"displayName": "String",
"appId": "String",
"servicePrincipalType": "String"
}Relationships
Relationships is shown from stable Microsoft Graph v1.0 metadata.
| Relationship | Type | Description |
|---|---|---|
history |
riskyServicePrincipalHistoryItem collection |
Represents the risk history of Microsoft Entra service principals. |
Graph Methods
Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.
Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.
Microsoft Graph PowerShell v1.0 commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.
Microsoft Graph PowerShell beta commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.
Code Examples
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.IdentityProtection.RiskyServicePrincipals.ConfirmCompromised;
var requestBody = new ConfirmCompromisedPostRequestBody
{
ServicePrincipalIds = new List<string>
{
"9089a539-a539-9089-39a5-899039a58990",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
await graphClient.IdentityProtection.RiskyServicePrincipals.ConfirmCompromised.PostAsync(requestBody);const options = {
authProvider,
};
const client = Client.init(options);
const confirmCompromised = {
servicePrincipalIds: [
'9089a539-a539-9089-39a5-899039a58990'
]
};
await client.api('/identityProtection/riskyServicePrincipals/confirmCompromised')
.post(confirmCompromised);Import-Module Microsoft.Graph.Identity.SignIns
$params = @{
servicePrincipalIds = @(
"9089a539-a539-9089-39a5-899039a58990"
)
}
Confirm-MgRiskyServicePrincipalCompromised -BodyParameter $params# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.identityprotection.riskyserviceprincipals.confirm_compromised.confirm_compromised_post_request_body import ConfirmCompromisedPostRequestBody
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = ConfirmCompromisedPostRequestBody(
service_principal_ids = [
"9089a539-a539-9089-39a5-899039a58990",
],
)
await graph_client.identity_protection.risky_service_principals.confirm_compromised.post(request_body)App Registration
Navigate to Azure Portal
Go to App registrations in Microsoft Entra admin center
Add API Permission
Select your app → API permissions → Add a permission → Microsoft Graph
Select Permission Type
Choose Application permissions or delegated permissions and search for IdentityRiskyServicePrincipal.ReadWrite.All
Grant Admin Consent
Application permissions always require admin consent.