Merge pull request #24173 from microsoftgraph/repo_sync_working_branch

Lauragra · web-flow · commit 3b1003db42a3 · 2024-04-22T20:07:10.000-07:00
Resolve syncing conflicts from repo_sync_working_branch to main
diff --git a/api-reference/beta/api/channel-getallretainedmessages.md b/api-reference/beta/api/channel-getallretainedmessages.md
@@ -54,16 +54,6 @@ This method supports the following OData query parameters to help customize the
 | $filter | The [$filter](/graph/query-parameters#filter-parameter) query parameter supports date and time range queries on the **lastModifiedDateTime** property.|
 | $top    | Use the [$top](/graph/query-parameters#top-parameter) query parameter to control the number of items per response.|
 
-The following table lists examples that show how to use the `$filter` parameter.
-
-|Scenario                                  | `$filter` parameter                                                                       |Possible values                                                                                             |
-|:-----------------------------------------|:---------------------------------------------------------------------------------------|:-----------------------------------------------------------------------------------------------------------|
-|Get messages sent by user identity type   |$filter=from/user/userIdentityType eq '{teamworkUserIdentityType}'                      |aadUser, onPremiseAadUser, anonymousGuest, federatedUser, personalMicrosoftAccountUser, skypeUser, phoneUser|
-|Get messages sent by application type     |$filter=from/application/applicationIdentityType eq '{teamworkApplicationIdentity}'     |aadApplication, bot, tenantBot, office365Connector, outgoingWebhook                                         |
-|Get messages sent by user ID              |$filter=from/user/id eq '{oid}'                                                         ||
-|Get control (system event) messages        |$filter=messageType eq 'systemEventMessage'                                             ||
-|Exclude control (system event) messages   |$filter=messageType ne 'systemEventMessage'                                             ||
-
 ## Request headers
 
 |Name|Description|
diff --git a/api-reference/beta/resources/riskdetection.md b/api-reference/beta/resources/riskdetection.md
@@ -44,7 +44,7 @@ For more information about risk detection, see [Microsoft Entra ID Protection](/
 |lastUpdatedDateTime|DateTimeOffset|Date and time that the risk detection was last updated. |
 |location|[signInLocation](signinlocation.md)|Location of the sign-in. |
 |requestId|string|Request ID of the sign-in associated with the risk detection. This property is null if the risk detection is not associated with a sign-in.|
-|riskEventType|String|The type of risk event detected. The possible values are `adminConfirmedUserCompromised`, `anomalousUserActivity`, `anonymizedIPAddress`, `generic`, `investigationsThreatIntelligence`, `investigationsThreatIntelligenceSigninLinked`, `suspiciousSendingPatterns`, `leakedCredentials`, `maliciousIPAddress`, `maliciousIPAddressValidCredentialsBlockedIP`, `malwareInfectedIPAddress`, `mcasImpossibleTravel`, `mcasSuspiciousInboxManipulationRules`, `suspiciousAPITraffic`, `suspiciousIPAddress`,   `unfamiliarFeatures`, `unlikelyTravel`, `userReportedSuspiciousActivity`. <br/> For more information about each value, see [Risk types and detection](/entra/id-protection/concept-identity-protection-risks#risk-types-and-detection).|
+|riskEventType|String|The type of risk event detected. The possible values are `adminConfirmedUserCompromised`, `anomalousUserActivity`, `anonymizedIPAddress`,`attackerinTheMiddle`,`attemptedPRTAccess`, `generic`, `investigationsThreatIntelligence`, `investigationsThreatIntelligenceSigninLinked`,`leakedCredentials`, `maliciousIPAddress`, `maliciousIPAddressValidCredentialsBlockedIP`, `malwareInfectedIPAddress`, `mcasImpossibleTravel`,`mcasFinSuspiciousFileAccess`, `mcasSuspiciousInboxManipulationRules`,`nationStateIP`, `suspiciousAPITraffic`, `suspiciousIPAddress`,`suspiciousSendingPatterns`,   `unfamiliarFeatures`, `unlikelyTravel`, `userReportedSuspiciousActivity`. <br/> For more information about each value, see [Risk types and detection](/entra/id-protection/concept-identity-protection-risks#risk-types-and-detection).|
 |riskDetail|riskDetail|Details of the detected risk. The possible values are: `none`, `adminGeneratedTemporaryPassword`, `userPerformedSecuredPasswordChange`, `userPerformedSecuredPasswordReset`, `adminConfirmedSigninSafe`, `aiConfirmedSigninSafe`, `userPassedMFADrivenByRiskBasedPolicy`, `adminDismissedAllRiskForUser`, `adminConfirmedSigninCompromised`, `hidden`, `adminConfirmedUserCompromised`, `unknownFutureValue`, `adminConfirmedServicePrincipalCompromised`, `adminDismissedAllRiskForServicePrincipal`, `m365DAdminDismissedDetection`. Note that you must use the `Prefer: include - unknown -enum-members` request header to get the following value(s) in this [evolvable enum](/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations): `adminConfirmedServicePrincipalCompromised` , `adminDismissedAllRiskForServicePrincipal` , `m365DAdminDismissedDetection`. <br/><br />**Note:** Details for this property are only available for Microsoft Entra ID P2 customers. P1 customers will be returned `hidden`.|
 |riskLevel|riskLevel|Level of the detected risk. The possible values are `low`, `medium`, `high`, `hidden`, `none`, `unknownFutureValue`. <br />**Note:** Details for this property are only available for Microsoft Entra ID P2 customers. P1 customers will be returned `hidden`.|
 |riskState|riskState|The state of a detected risky user or sign-in. The possible values are `none`, `confirmedSafe`, `remediated`, `dismissed`, `atRisk`, `confirmedCompromised`, and `unknownFutureValue`. |
