🔍 Code Extractor

A collection class for managing RiskyUser entities in Microsoft Graph API, providing operations to confirm compromised users or dismiss risk assessments.

Purpose

RiskyUserCollection extends EntityCollection to manage a collection of RiskyUser objects from Microsoft Graph's Identity Protection API. It provides specialized methods to perform bulk operations on risky users, such as confirming users as compromised (setting their risk level to high) or dismissing their risk (setting risk level to none). This class is used within the Office365 Python SDK to interact with Azure AD Identity Protection features for managing user risk states.

Source Code

class RiskyUserCollection(EntityCollection):
    """RiskyUser's collection"""

    def __init__(self, context, resource_path=None):
        super(RiskyUserCollection, self).__init__(context, RiskyUser, resource_path)

    def confirm_compromised(self, user_ids=None):
        """Confirm one or more riskyUser objects as compromised. This action sets the targeted user's risk level
        to high.

        :param list[str] user_ids: Specify the risky user IDs to dismiss in the request body.
        """
        payload = {"userIds": StringCollection(user_ids)}
        qry = ServiceOperationQuery(self, "confirmCompromised", None, payload)
        self.context.add_query(qry)
        return self

    def dismiss(self, user_ids=None):
        """Dismiss the risk of one or more riskyUser objects. This action sets the targeted user's risk level to none.

        :param list[str] user_ids: Specify the risky user IDs to dismiss in the request body.
        """
        payload = {"userIds": StringCollection(user_ids)}
        qry = ServiceOperationQuery(self, "dismiss", None, payload)
        self.context.add_query(qry)
        return self

Parameters

Parameter Details

context: The client context object that manages the connection and authentication to the Microsoft Graph API. This is required for making API requests and is passed to the parent EntityCollection class.

resource_path: Optional string representing the API endpoint path for this collection. If not provided, defaults to the standard path for risky users. This allows for custom resource paths when needed for specific API scenarios.

Return Value

The constructor returns an instance of RiskyUserCollection. Both confirm_compromised() and dismiss() methods return self (the RiskyUserCollection instance) to enable method chaining. These methods queue service operations that will be executed when the context processes queries, but don't return the operation results directly.

Class Interface

Methods

Attributes

Dependencies

• office365

Required Imports

from office365.directory.protection.riskyusers.risky_user import RiskyUser
from office365.entity_collection import EntityCollection
from office365.runtime.queries.service_operation import ServiceOperationQuery
from office365.runtime.types.collections import StringCollection

Usage Example

from office365.graph_client import GraphClient
from office365.directory.protection.riskyusers.risky_user_collection import RiskyUserCollection

# Authenticate and create context
client = GraphClient(credentials)

# Get the risky users collection
risky_users = client.identity_protection.risky_users

# Confirm specific users as compromised
user_ids_to_confirm = ['user1-guid', 'user2-guid']
risky_users.confirm_compromised(user_ids=user_ids_to_confirm)
client.execute_query()

# Dismiss risk for specific users
user_ids_to_dismiss = ['user3-guid', 'user4-guid']
risky_users.dismiss(user_ids=user_ids_to_dismiss)
client.execute_query()

# Method chaining is supported
risky_users.confirm_compromised(['user5-guid']).dismiss(['user6-guid'])
client.execute_query()

Best Practices

• Always call context.execute_query() after queuing operations with confirm_compromised() or dismiss() to actually execute the API requests
• Ensure the authenticated context has sufficient permissions (IdentityRiskyUser.ReadWrite.All) before performing operations
• Use method chaining when performing multiple operations to improve code readability
• Validate user IDs before passing them to methods to avoid API errors
• Handle potential exceptions from execute_query() as API calls may fail due to permissions, network issues, or invalid user IDs
• Be aware that these operations modify user risk states in Azure AD Identity Protection, which may trigger security policies and alerts
• Consider the security implications of dismissing user risks - ensure proper authorization and audit logging
• The class inherits from EntityCollection, so standard collection operations (filtering, querying) are also available

Tags

Similar Components

AI-powered semantic similarity - components with related functionality:

• class RiskyUser 76.9% similar

  Represents Azure AD users who are at risk, providing programmatic access to risk-related user data and history in Azure Active Directory.

  From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/protection/riskyusers/risky_user.py

• class RiskyUserHistoryItem 67.3% similar

  Represents the risk history of an Azure Active Directory (Azure AD) user as determined by Azure AD Identity Protection, extending the RiskyUser class with historical activity tracking.

  From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/protection/riskyusers/history_item.py

• class UserCollection 66.5% similar

  UserCollection is a specialized collection class for managing User objects in Microsoft 365/Office 365 directory services, providing methods to retrieve, create, and manage users with delta query support.

  From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/users/collection.py

• class UserConsentRequestCollection 64.7% similar

  A collection class for managing UserConsentRequest entities, providing methods to query, retrieve, and manipulate multiple user consent requests within the Microsoft Graph API context.

  From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/identitygovernance/userconsent/request_collection.py

• class RiskUserActivity 64.2% similar

  A data class representing risk activities of an Azure AD user as determined by Azure AD Identity Protection, inheriting from ClientValue.

  From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/protection/riskyusers/activity.py