Note
Access to this page requires authorization. You can try signing in or .
Access to this page requires authorization. You can try .
New-MgRiskDetection
Create new navigation property to riskDetections for identityProtection
Note
To view the beta release of this cmdlet, view New-MgBetaRiskDetection
Syntax
CreateExpanded (Default)
New-MgRiskDetection
[-ResponseHeadersVariable <string>]
[-Activity <string>]
[-ActivityDateTime <datetime>]
[-AdditionalInfo <string>]
[-AdditionalProperties <hashtable>]
[-CorrelationId <string>]
[-DetectedDateTime <datetime>]
[-DetectionTimingType <string>]
[-IPAddress <string>]
[-Id <string>]
[-LastUpdatedDateTime <datetime>]
[-Location <IMicrosoftGraphSignInLocation>]
[-RequestId <string>]
[-RiskDetail <string>]
[-RiskEventType <string>]
[-RiskLevel <string>]
[-RiskState <string>]
[-Source <string>]
[-TokenIssuerType <string>]
[-UserDisplayName <string>]
[-UserId <string>]
[-UserPrincipalName <string>]
[-Break]
[-Headers <IDictionary>]
[-HttpPipelineAppend <SendAsyncStep[]>]
[-HttpPipelinePrepend <SendAsyncStep[]>]
[-Proxy <uri>]
[-ProxyCredential <pscredential>]
[-ProxyUseDefaultCredentials]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Create
New-MgRiskDetection
-BodyParameter <IMicrosoftGraphRiskDetection>
[-ResponseHeadersVariable <string>]
[-Break]
[-Headers <IDictionary>]
[-HttpPipelineAppend <SendAsyncStep[]>]
[-HttpPipelinePrepend <SendAsyncStep[]>]
[-Proxy <uri>]
[-ProxyCredential <pscredential>]
[-ProxyUseDefaultCredentials]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Parameters
-Activity
activityType
Parameter properties
| Type: | System.String |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-ActivityDateTime
Date and time that the risky activity occurred. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is look like this: 2014-01-01T00:00:00Z
Parameter properties
| Type: | System.DateTime |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-AdditionalInfo
Additional information associated with the risk detection in JSON format. For example, '[{/'Key/':/'userAgent/',/'Value/':/'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36/'}]'. Possible keys in the additionalInfo JSON string are: userAgent, alertUrl, relatedEventTimeInUtc, relatedUserAgent, deviceInformation, relatedLocation, requestId, correlationId, lastActivityTimeInUtc, malwareName, clientLocation, clientIp, riskReasons. For more information about riskReasons and possible values, see riskReasons values.
Parameter properties
| Type: | System.String |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-AdditionalProperties
Additional Parameters
Parameter properties
| Type: | System.Collections.Hashtable |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-BodyParameter
riskDetection To construct, see NOTES section for BODYPARAMETER properties and create a hash table.
Parameter properties
| Type: | Microsoft.Graph.PowerShell.Models.IMicrosoftGraphRiskDetection |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Break
Wait for .NET debugger to attach
Parameter properties
| Type: | System.Management.Automation.SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
| Type: | System.Management.Automation.SwitchParameter |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | cf |
Parameter sets
-CorrelationId
Correlation ID of the sign-in associated with the risk detection. This property is null if the risk detection is not associated with a sign-in.
Parameter properties
| Type: | System.String |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-DetectedDateTime
Date and time that the risk was detected. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 looks like this: 2014-01-01T00:00:00Z
Parameter properties
| Type: | System.DateTime |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-DetectionTimingType
riskDetectionTimingType
Parameter properties
| Type: | System.String |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Headers
Optional headers that will be added to the request.
Parameter properties
| Type: | System.Collections.IDictionary |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-HttpPipelineAppend
SendAsync Pipeline Steps to be appended to the front of the pipeline
Parameter properties
| Type: | Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[] |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-HttpPipelinePrepend
SendAsync Pipeline Steps to be prepended to the front of the pipeline
Parameter properties
| Type: | Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[] |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Id
The unique identifier for an entity. Read-only.
Parameter properties
| Type: | System.String |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-IPAddress
Provides the IP address of the client from where the risk occurred.
Parameter properties
| Type: | System.String |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-LastUpdatedDateTime
Date and time that the risk detection was last updated. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is look like this: 2014-01-01T00:00:00Z
Parameter properties
| Type: | System.DateTime |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Location
signInLocation To construct, see NOTES section for LOCATION properties and create a hash table.
Parameter properties
| Type: | Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSignInLocation |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Proxy
The URI for the proxy server to use
Parameter properties
| Type: | System.Uri |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-ProxyCredential
Credentials for a proxy server to use for the remote call
Parameter properties
| Type: | System.Management.Automation.PSCredential |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-ProxyUseDefaultCredentials
Use the default credentials for the proxy
Parameter properties
| Type: | System.Management.Automation.SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-RequestId
Request ID of the sign-in associated with the risk detection. This property is null if the risk detection is not associated with a sign-in.
Parameter properties
| Type: | System.String |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-ResponseHeadersVariable
Optional Response Headers Variable.
Parameter properties
| Type: | System.String |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | RHV |
Parameter sets
-RiskDetail
riskDetail
Parameter properties
| Type: | System.String |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-RiskEventType
The type of risk event detected. The possible values are adminConfirmedUserCompromised, anomalousToken, anomalousUserActivity, anonymizedIPAddress, generic, impossibleTravel, investigationsThreatIntelligence, suspiciousSendingPatterns, leakedCredentials, maliciousIPAddress,malwareInfectedIPAddress, mcasSuspiciousInboxManipulationRules, newCountry, passwordSpray,riskyIPAddress, suspiciousAPITraffic, suspiciousBrowser,suspiciousInboxForwarding, suspiciousIPAddress, tokenIssuerAnomaly, unfamiliarFeatures, unlikelyTravel. If the risk detection is a premium detection, will show generic. For more information about each value, see Risk types and detection.
Parameter properties
| Type: | System.String |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-RiskLevel
riskLevel
Parameter properties
| Type: | System.String |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-RiskState
riskState
Parameter properties
| Type: | System.String |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Source
Source of the risk detection. For example, activeDirectory.
Parameter properties
| Type: | System.String |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-TokenIssuerType
tokenIssuerType
Parameter properties
| Type: | System.String |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-UserDisplayName
The user principal name (UPN) of the user.
Parameter properties
| Type: | System.String |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-UserId
Unique ID of the user.
Parameter properties
| Type: | System.String |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-UserPrincipalName
The user principal name (UPN) of the user.
Parameter properties
| Type: | System.String |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-WhatIf
Runs the command in a mode that only reports what would happen without performing the actions.
Parameter properties
| Type: | System.Management.Automation.SwitchParameter |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | wi |
Parameter sets
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Inputs
Microsoft.Graph.PowerShell.Models.IMicrosoftGraphRiskDetection
{{ Fill in the Description }}
System.Collections.IDictionary
{{ Fill in the Description }}
Outputs
Microsoft.Graph.PowerShell.Models.IMicrosoftGraphRiskDetection
{{ Fill in the Description }}
Notes
COMPLEX PARAMETER PROPERTIES
To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.
BODYPARAMETER <IMicrosoftGraphRiskDetection>: riskDetection
[(Any) <Object>]: This indicates any property can be added to this object.
[Id <String>]: The unique identifier for an entity.
Read-only.
[Activity <String>]: activityType
[ActivityDateTime <DateTime?>]: Date and time that the risky activity occurred.
The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is look like this: 2014-01-01T00:00:00Z
[AdditionalInfo <String>]: Additional information associated with the risk detection in JSON format.
For example, '[{/'Key/':/'userAgent/',/'Value/':/'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36/'}]'.
Possible keys in the additionalInfo JSON string are: userAgent, alertUrl, relatedEventTimeInUtc, relatedUserAgent, deviceInformation, relatedLocation, requestId, correlationId, lastActivityTimeInUtc, malwareName, clientLocation, clientIp, riskReasons.
For more information about riskReasons and possible values, see riskReasons values.
[CorrelationId <String>]: Correlation ID of the sign-in associated with the risk detection.
This property is null if the risk detection is not associated with a sign-in.
[DetectedDateTime <DateTime?>]: Date and time that the risk was detected.
The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 looks like this: 2014-01-01T00:00:00Z
[DetectionTimingType <String>]: riskDetectionTimingType
[IPAddress <String>]: Provides the IP address of the client from where the risk occurred.
[LastUpdatedDateTime <DateTime?>]: Date and time that the risk detection was last updated.
The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is look like this: 2014-01-01T00:00:00Z
[Location <IMicrosoftGraphSignInLocation>]: signInLocation
[(Any) <Object>]: This indicates any property can be added to this object.
[City <String>]: Provides the city where the sign-in originated and is determined using latitude/longitude information from the sign-in activity.
[CountryOrRegion <String>]: Provides the country code info (two letter code) where the sign-in originated.
This is calculated using latitude/longitude information from the sign-in activity.
[GeoCoordinates <IMicrosoftGraphGeoCoordinates>]: geoCoordinates
[(Any) <Object>]: This indicates any property can be added to this object.
[Altitude <Double?>]: Optional.
The altitude (height), in feet, above sea level for the item.
Read-only.
[Latitude <Double?>]: Optional.
The latitude, in decimal, for the item.
Read-only.
[Longitude <Double?>]: Optional.
The longitude, in decimal, for the item.
Read-only.
[State <String>]: Provides the State where the sign-in originated.
This is calculated using latitude/longitude information from the sign-in activity.
[RequestId <String>]: Request ID of the sign-in associated with the risk detection.
This property is null if the risk detection is not associated with a sign-in.
[RiskDetail <String>]: riskDetail
[RiskEventType <String>]: The type of risk event detected.
The possible values are adminConfirmedUserCompromised, anomalousToken, anomalousUserActivity, anonymizedIPAddress, generic, impossibleTravel, investigationsThreatIntelligence, suspiciousSendingPatterns, leakedCredentials, maliciousIPAddress,malwareInfectedIPAddress, mcasSuspiciousInboxManipulationRules, newCountry, passwordSpray,riskyIPAddress, suspiciousAPITraffic, suspiciousBrowser,suspiciousInboxForwarding, suspiciousIPAddress, tokenIssuerAnomaly, unfamiliarFeatures, unlikelyTravel.
If the risk detection is a premium detection, will show generic.
For more information about each value, see Risk types and detection.
[RiskLevel <String>]: riskLevel
[RiskState <String>]: riskState
[Source <String>]: Source of the risk detection.
For example, activeDirectory.
[TokenIssuerType <String>]: tokenIssuerType
[UserDisplayName <String>]: The user principal name (UPN) of the user.
[UserId <String>]: Unique ID of the user.
[UserPrincipalName <String>]: The user principal name (UPN) of the user.
LOCATION <IMicrosoftGraphSignInLocation>: signInLocation
[(Any) <Object>]: This indicates any property can be added to this object.
[City <String>]: Provides the city where the sign-in originated and is determined using latitude/longitude information from the sign-in activity.
[CountryOrRegion <String>]: Provides the country code info (two letter code) where the sign-in originated.
This is calculated using latitude/longitude information from the sign-in activity.
[GeoCoordinates <IMicrosoftGraphGeoCoordinates>]: geoCoordinates
[(Any) <Object>]: This indicates any property can be added to this object.
[Altitude <Double?>]: Optional.
The altitude (height), in feet, above sea level for the item.
Read-only.
[Latitude <Double?>]: Optional.
The latitude, in decimal, for the item.
Read-only.
[Longitude <Double?>]: Optional.
The longitude, in decimal, for the item.
Read-only.
[State <String>]: Provides the State where the sign-in originated.
This is calculated using latitude/longitude information from the sign-in activity.