🔍 Code Extractor

class RiskyUser

Maturity: 56

Represents Azure AD users who are at risk, providing programmatic access to risk-related user data and history in Azure Active Directory.

File:
/tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/protection/riskyusers/risky_user.py
Lines:
6 - 34
Complexity:
moderate

Purpose

This class models Azure AD users identified as at-risk based on Azure AD's continuous evaluation using various signals and machine learning. It provides access to user risk information including the user's principal name and a history of risk-related activities. The class extends the Entity base class and is part of the Office365 directory protection API, allowing developers to query and monitor risky users in their Azure AD tenant.

Source Code

class RiskyUser(Entity):
    """
    Represents Azure AD users who are at risk. Azure AD continually evaluates user risk based on various
    signals and machine learning. This API provides programmatic access to all at-risk users in your Azure AD.
    """

    @property
    def history(self):
        """The activity related to user risk level change"""
        from office365.directory.protection.riskyusers.history_item import (
            RiskyUserHistoryItem,
        )

        return self.properties.get(
            "history",
            EntityCollection(
                self.context,
                RiskyUserHistoryItem,
                ResourcePath("history", self.resource_path),
            ),
        )

    @property
    def user_principal_name(self):
        """
        Risky user principal name.
        :rtype: str or None
        """
        return self.properties.get("userPrincipalName", None)

Parameters

Name Type Default Kind
bases Entity -

Parameter Details

Entity_base_class: Inherits from Entity base class which provides core functionality for Office365 entities including context management, properties storage, and resource path handling. The constructor parameters are inherited from Entity and typically include context (ClientContext) and resource_path (ResourcePath) for API communication.

Return Value

Instantiation returns a RiskyUser object that represents an at-risk Azure AD user. The object provides access to risk-related properties and methods. The 'history' property returns an EntityCollection of RiskyUserHistoryItem objects containing the activity history related to user risk level changes. The 'user_principal_name' property returns a string representing the risky user's principal name, or None if not available.

Class Interface

Methods

@property history(self) -> EntityCollection property

Purpose: Provides access to the activity history related to user risk level changes

Returns: EntityCollection of RiskyUserHistoryItem objects representing the historical risk-related activities for this user. Returns a cached collection if already accessed, otherwise creates a new EntityCollection with the appropriate context and resource path.

@property user_principal_name(self) -> str | None property

Purpose: Retrieves the user principal name (UPN) of the risky user

Returns: String containing the risky user's principal name (e.g., 'user@contoso.com'), or None if the property is not available in the current object state.

Attributes

Name Type Description Scope
properties dict Inherited from Entity base class. Stores the property values for this risky user instance, including userPrincipalName and history collection. Accessed via property decorators. instance
context ClientContext Inherited from Entity base class. The client context used for API communication with Microsoft Graph, containing authentication and request handling capabilities. instance
resource_path ResourcePath Inherited from Entity base class. The resource path identifying this specific risky user in the Microsoft Graph API hierarchy. instance

Dependencies

  • office365

Required Imports

from office365.entity import Entity
from office365.entity_collection import EntityCollection
from office365.runtime.paths.resource_path import ResourcePath

Conditional/Optional Imports

These imports are only needed under specific conditions:

from office365.directory.protection.riskyusers.history_item import RiskyUserHistoryItem

Condition: only when accessing the 'history' property for the first time (lazy import within the property getter)

Required (conditional)

Usage Example

from office365.graph_client import GraphClient
from office365.directory.protection.riskyusers.risky_user import RiskyUser

# Authenticate and create client context
client = GraphClient.with_username_and_password(
    tenant='contoso.onmicrosoft.com',
    username='admin@contoso.onmicrosoft.com',
    password='password'
)

# Get risky users collection
risky_users = client.identity_protection.risky_users
risky_users.get().execute_query()

# Iterate through risky users
for risky_user in risky_users:
    # Access user principal name
    upn = risky_user.user_principal_name
    print(f'Risky user: {upn}')
    
    # Access risk history
    history = risky_user.history
    history.get().execute_query()
    
    for history_item in history:
        print(f'Risk event: {history_item.properties}')

Best Practices

  • Always ensure proper authentication and permissions are configured before accessing risky user data
  • Use execute_query() after get() operations to fetch data from the Microsoft Graph API
  • The history property uses lazy loading - it will only import RiskyUserHistoryItem when first accessed
  • Check if user_principal_name is None before using it, as it may not always be available
  • The class inherits from Entity, so it maintains state through the properties dictionary
  • Access properties through the provided property decorators rather than directly accessing the properties dictionary
  • When working with the history collection, remember to call execute_query() to populate the collection with actual data
  • This class is typically not instantiated directly but obtained through the GraphClient's identity_protection.risky_users collection
  • Handle API rate limits and throttling when querying large numbers of risky users
  • Consider caching risky user data appropriately as frequent API calls may impact performance

Tags

azure-ad identity-protection security risk-management user-risk microsoft-graph office365 entity authentication compliance

Similar Components

AI-powered semantic similarity - components with related functionality:

  • class RiskyUserHistoryItem 82.3% similar

    Represents the risk history of an Azure Active Directory (Azure AD) user as determined by Azure AD Identity Protection, extending the RiskyUser class with historical activity tracking.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/protection/riskyusers/history_item.py

  • class RiskUserActivity 77.5% similar

    A data class representing risk activities of an Azure AD user as determined by Azure AD Identity Protection, inheriting from ClientValue.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/protection/riskyusers/activity.py

  • class RiskyUserCollection 76.9% similar

    A collection class for managing RiskyUser entities in Microsoft Graph API, providing operations to confirm compromised users or dismiss risk assessments.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/protection/riskyusers/collection.py

  • class RiskDetection 76.8% similar

    Represents information about a detected risk in an Azure AD tenant, providing programmatic access to risk detections based on Azure AD's continuous evaluation of user and sign-in risks.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/protection/risk_detection.py

  • class IdentityProtectionRoot 64.5% similar

    Container class for Microsoft Graph identity protection resources, providing access to risk detections and risky users through navigation properties.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/protection/root.py
← Back to Browse