Merge pull request #26098 from microsoftgraph/Corissalea

Danielabom · web-flow · commit 57ac5cc0496d · 2025-01-15T16:47:45.000-06:00
Update serviceprincipalriskdetection.md
diff --git a/api-reference/v1.0/resources/serviceprincipalriskdetection.md b/api-reference/v1.0/resources/serviceprincipalriskdetection.md
@@ -30,7 +30,7 @@ For more information about risk events, see [Microsoft Entra ID Protection](/azu
 ## Properties
 |Property|Type|Description|
 |:---|:---|:---|
-|activity|activityType|Indicates the activity type the detected risk is linked to.  The possible values are: `signin`, `servicePrincipal`. Note that you must use the `Prefer: include-unknown-enum-members` request header to get the following value(s) in this [evolvable enum](/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations): `servicePrincipal`. |
+|activity|activityType|Indicates the activity type the detected risk is linked to.  The possible values are: `signin`, `servicePrincipal`. Use the `Prefer: include-unknown-enum-members` request header to get the following value(s) in this [evolvable enum](/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations): `servicePrincipal`. |
 |activityDateTime|DateTimeOffset|Date and time when the risky activity occurred. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`|
 |additionalInfo|String|Additional information associated with the risk detection. This string value is represented as a JSON object with the quotations escaped. |
 |appId|String|The unique identifier for the associated application.|
@@ -43,8 +43,8 @@ For more information about risk events, see [Microsoft Entra ID Protection](/azu
 |lastUpdatedDateTime|DateTimeOffset|Date and time when the risk detection was last updated.|
 |location|[signInLocation](signinlocation.md)|Location from where the sign-in was initiated. |
 |requestId|String|Request identifier of the sign-in activity associated with the risk detection. This property is `null` if the risk detection is not associated with a sign-in activity. Supports `$filter` (`eq`).|
-|riskDetail|riskDetail|Details of the detected risk. <br>**Note:** Details for this property are only available for Workload Identities Premium customers. Events in tenants without this license will be returned `hidden`. <br/>The possible values are: `none`, `hidden`, `adminConfirmedServicePrincipalCompromised`, `adminDismissedAllRiskForServicePrincipal`. Note that you must use the `Prefer: include-unknown-enum-members` request header to get the following value(s) in this [evolvable enum](/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations): `adminConfirmedServicePrincipalCompromised` , `adminDismissedAllRiskForServicePrincipal`.|
-|riskEventType|String|The type of risk event detected. The possible values are: `investigationsThreatIntelligence`, `generic`, `adminConfirmedServicePrincipalCompromised`, `suspiciousSignins`, `leakedCredentials`, `anomalousServicePrincipalActivity`, `maliciousApplication`, `suspiciousApplication`.|
+|riskDetail|riskDetail|Details of the detected risk. <br>**Note:** Details for this property are only available for Workload Identities Premium customers. Events in tenants without this license will be returned `hidden`. <br/>The possible values are: `none`, `hidden`, `adminConfirmedServicePrincipalCompromised`, `adminDismissedAllRiskForServicePrincipal`. Use the `Prefer: include-unknown-enum-members` request header to get the following value(s) in this [evolvable enum](/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations): `adminConfirmedServicePrincipalCompromised` , `adminDismissedAllRiskForServicePrincipal`.|
+|riskEventType|String|The type of risk event detected. The possible values are: `investigationsThreatIntelligence`, `generic`, `adminConfirmedServicePrincipalCompromised`, `suspiciousSignins`, `leakedCredentials`, `anomalousServicePrincipalActivity`, `maliciousApplication`, `suspiciousApplication`, `suspiciousAPITraffic`.|
 |riskLevel|riskLevel|Level of the detected risk. <br>**Note:** Details for this property are only available for Workload Identities Premium customers. Events in tenants without this license will be returned `hidden`. The possible values are: `low`, `medium`, `high`, `hidden`, `none`.|
 |riskState|riskState|The state of a detected risky service principal or sign-in activity. The possible values are: `none`, `dismissed`, `atRisk`, `confirmedCompromised`.|
 |servicePrincipalDisplayName|String|	The display name for the service principal.|
diff --git a/changelog/Microsoft.IdentityProtectionServices.json b/changelog/Microsoft.IdentityProtectionServices.json
@@ -36,6 +36,24 @@
         "WorkloadArea": "Identity and access",
         "SubArea": "Identity and sign-in"
       },
+      {
+       "ChangeList": [
+          {
+          "Id": "95e7994e-b2ca-48bd-bc51-173812e9422a",
+          "ApiChange": "Property",
+          "ChangedApiName": "riskEventType",
+          "ChangeType": "Change",
+          "Description": "Added `suspiciousAPITraffic` as a supported value for the **riskEventType** property in the [servicePrincipalRiskDetection](https://learn.microsoft.com/en-us/graph/api/resources/serviceprincipalriskdetection?view=graph-rest-v1.0) resource.",
+          "Target": "servicePrincipalRiskDetection"
+          }
+        ],
+        "Id": "95e7994e-b2ca-48bd-bc51-173812e9422a",
+        "Cloud": "Prod",
+        "Version": "v1.0",
+        "CreatedDateTime": "2025-01-15T22:19:32.3422617Z",
+        "WorkloadArea": "Identity and access",
+        "SubArea": "Identity and sign-in"
+      },
       {
        "ChangeList": [
           {
diff --git a/concepts/whats-new-overview.md b/concepts/whats-new-overview.md
@@ -19,6 +19,9 @@ For details about previous updates to Microsoft Graph, see [Microsoft Graph what
 
 ## January 2025: New and generally available 
 
+### Identity and access | Identity and sign-in
+- Added riskEventType entry for the Suspicious API Traffic detection for [service principals](/graph/api/resources/serviceprincipalriskdetection?view=graph-rest-1.0&preserve-view=true).
+
 ### Teamwork and communications | Messaging
 
 - [Get](/graph/api/chatmessage-get#example-5-get-a-chat-message-with-an--for-everyone) a chat message with an @mention for everyone.
