class RiskDetection
Represents information about a detected risk in an Azure AD tenant, providing programmatic access to risk detections based on Azure AD's continuous evaluation of user and sign-in risks.
/tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/protection/risk_detection.py
4 - 11
simple
Purpose
This class serves as a data model for Azure AD risk detection information. It inherits from Entity and represents risk detections that Azure AD identifies through various signals and machine learning algorithms. The class is used to access and manage information about security risks detected in user accounts, applications, or sign-in activities within an Azure AD environment. It provides a structured way to interact with Azure AD's Identity Protection risk detection API.
Source Code
class RiskDetection(Entity):
"""
Represents information about a detected risk in an Azure AD tenant.
Azure AD continually evaluates user risks and app or user sign-in risks based on various signals
and machine learning.
This API provides programmatic access to all risk detections in your Azure AD environment.
"""Parameters
| Name | Type | Default | Kind |
|---|---|---|---|
bases |
Entity | - |
Parameter Details
bases: Inherits from Entity class, which likely provides base functionality for Azure AD entities such as property management, serialization, and API interaction capabilities
Return Value
Instantiation returns a RiskDetection object that represents a specific risk detection event in Azure AD. The object provides access to risk detection properties inherited from the Entity base class, such as risk details, detection timestamps, risk levels, and associated user or sign-in information.
Class Interface
Dependencies
office365
Required Imports
from office365.entity import Entity
from office365.directory.protection.risk_detection import RiskDetection
Usage Example
from office365.runtime.auth.client_credential import ClientCredential
from office365.graph_client import GraphClient
from office365.directory.protection.risk_detection import RiskDetection
# Authenticate with Azure AD
credentials = ClientCredential('client_id', 'client_secret')
client = GraphClient(credentials, 'tenant_id')
# Query risk detections
risk_detections = client.identity_protection.risk_detections.get().execute_query()
# Iterate through detected risks
for detection in risk_detections:
print(f"Risk Type: {detection.risk_type}")
print(f"Risk Level: {detection.risk_level}")
print(f"Detected DateTime: {detection.detected_date_time}")
print(f"User ID: {detection.user_id}")Best Practices
- Ensure proper Azure AD permissions are configured before attempting to access risk detection data
- Use appropriate authentication methods (ClientCredential for app-only access) when instantiating the GraphClient
- Handle potential API rate limits when querying multiple risk detections
- The class is primarily a data container; actual API operations are performed through the GraphClient
- Risk detection objects are typically retrieved through queries rather than directly instantiated
- Consider filtering risk detections by date range or risk level to optimize API calls
- Cache risk detection data appropriately as it represents point-in-time security assessments
Tags
Similar Components
AI-powered semantic similarity - components with related functionality:
-
class RiskyUser 76.8% similar
-
class RiskUserActivity 69.4% similar
-
class RiskyUserHistoryItem 64.0% similar
-
class IdentityProtectionRoot 63.1% similar
-
class RiskyUserCollection 59.8% similar