Merge pull request #26166 from microsoftgraph/Corissalea-patch-2

FaithOmbongi · web-flow · commit 4740ed103921 · 2025-02-11T21:00:11.000+03:00
Update riskdetection.md with missing RiskEventTypes
diff --git a/api-reference/beta/resources/riskdetection.md b/api-reference/beta/resources/riskdetection.md
@@ -45,7 +45,7 @@ For more information about risk detection, see [Microsoft Entra ID Protection](/
 |lastUpdatedDateTime|DateTimeOffset|Date and time that the risk detection was last updated. |
 |location|[signInLocation](signinlocation.md)|Location of the sign-in. |
 |requestId|string|Request ID of the sign-in associated with the risk detection. This property is null if the risk detection is not associated with a sign-in.|
-|riskEventType|String|The type of risk event detected. The possible values are `adminConfirmedUserCompromised`, `anomalousUserActivity`, `anonymizedIPAddress`,`attackerinTheMiddle`,`attemptedPRTAccess`, `generic`, `investigationsThreatIntelligence`, `investigationsThreatIntelligenceSigninLinked`,`leakedCredentials`, `maliciousIPAddress`, `maliciousIPAddressValidCredentialsBlockedIP`, `malwareInfectedIPAddress`, `mcasImpossibleTravel`,`mcasFinSuspiciousFileAccess`, `mcasSuspiciousInboxManipulationRules`,`nationStateIP`, `suspiciousAPITraffic`, `suspiciousIPAddress`,`suspiciousSendingPatterns`,   `unfamiliarFeatures`, `unlikelyTravel`, `userReportedSuspiciousActivity`. <br/> For more information about each value, see [Risk types and detection](/entra/id-protection/concept-identity-protection-risks#risk-types-and-detection).|
+|riskEventType|String|The type of risk event detected. The possible values are `adminConfirmedUserCompromised`, `anomalousUserActivity`, `anomalousToken`, `anonymizedIPAddress`,`attackerinTheMiddle`,`attemptedPRTAccess`, `generic`, `investigationsThreatIntelligence`, `investigationsThreatIntelligenceSigninLinked`,`leakedCredentials`, `maliciousIPAddress`, `maliciousIPAddressValidCredentialsBlockedIP`, `malwareInfectedIPAddress`, `mcasImpossibleTravel`,`mcasFinSuspiciousFileAccess`, `mcasSuspiciousInboxManipulationRules`,`nationStateIP`, `newCountry`, `passwordSpray`, `riskyIPAddress`, `suspiciousAPITraffic`, `suspiciousBrowser`, `suspiciousInboxForwarding`, `suspiciousIPAddress`,`suspiciousSendingPatterns`, `tokenIssuerAnomaly`,  `unfamiliarFeatures`, `unlikelyTravel`, `userReportedSuspiciousActivity`. <br/> For more information about each value, see [Risk types and detection](/entra/id-protection/concept-identity-protection-risks#risk-types-and-detection).|
 |riskDetail|riskDetail|Details of the detected risk. The possible values are: `none`, `adminGeneratedTemporaryPassword`, `userPerformedSecuredPasswordChange`, `userPerformedSecuredPasswordReset`, `adminConfirmedSigninSafe`, `aiConfirmedSigninSafe`, `userPassedMFADrivenByRiskBasedPolicy`, `adminDismissedAllRiskForUser`, `adminConfirmedSigninCompromised`, `hidden`, `adminConfirmedUserCompromised`, `unknownFutureValue`, `adminConfirmedServicePrincipalCompromised`, `adminDismissedAllRiskForServicePrincipal`, `m365DAdminDismissedDetection`. Use the `Prefer: include - unknown -enum-members` request header to get the following value(s) in this [evolvable enum](/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations): `adminConfirmedServicePrincipalCompromised` , `adminDismissedAllRiskForServicePrincipal` , `m365DAdminDismissedDetection`. <br/><br />**Note:** Details for this property are only available for Microsoft Entra ID P2 customers. P1 customers will be returned `hidden`.|
 |riskLevel|riskLevel|Level of the detected risk. The possible values are `low`, `medium`, `high`, `hidden`, `none`, `unknownFutureValue`. <br />**Note:** Details for this property are only available for Microsoft Entra ID P2 customers. P1 customers will be returned `hidden`.|
 |riskState|riskState|The state of a detected risky user or sign-in. The possible values are `none`, `confirmedSafe`, `remediated`, `dismissed`, `atRisk`, `confirmedCompromised`, and `unknownFutureValue`. |
diff --git a/changelog/Microsoft.IdentityProtectionServices.json b/changelog/Microsoft.IdentityProtectionServices.json
@@ -1,5 +1,23 @@
 {
   "changelog": [
+       {
+       "ChangeList": [
+          {
+          "Id": "fe06198f-3161-48d1-8bc8-c0edb038d428",
+          "ApiChange": "Property",
+          "ChangedApiName": "riskEventType",
+          "ChangeType": "Change",
+          "Description": "Added `anomalousToken``newCountry`, `passwordSpray`, `riskyIPAddress`, `suspiciousBrowser`, `suspiciousInboxForwarding`, `tokenIssuerAnomaly`, as a supported values for the **riskEventType** property in the [riskDetection](https://learn.microsoft.com/en-us/graph/api/resources/riskdetection?view=graph-rest-beta) resource.",
+          "Target": "riskDetection"
+          }
+        ],
+        "Id": "fe06198f-3161-48d1-8bc8-c0edb038d428",
+        "Cloud": "Prod",
+        "Version": "beta",
+        "CreatedDateTime": "2025-02-11T22:19:32.3422617Z",
+        "WorkloadArea": "Identity and access",
+        "SubArea": "Identity and sign-in"
+      },
       {
        "ChangeList": [
           {
