Update riskdetection.md with missing RiskEventTypes

Corissalea · web-flow · commit 90e9a81ba85e · 2025-01-28T22:16:30.000-06:00
Adding missing RiskEventTypes
Note these are string values and not enum
diff --git a/api-reference/beta/resources/riskdetection.md b/api-reference/beta/resources/riskdetection.md
@@ -45,7 +45,7 @@ For more information about risk detection, see [Microsoft Entra ID Protection](/
 |lastUpdatedDateTime|DateTimeOffset|Date and time that the risk detection was last updated. |
 |location|[signInLocation](signinlocation.md)|Location of the sign-in. |
 |requestId|string|Request ID of the sign-in associated with the risk detection. This property is null if the risk detection is not associated with a sign-in.|
-|riskEventType|String|The type of risk event detected. The possible values are `adminConfirmedUserCompromised`, `anomalousUserActivity`, `anonymizedIPAddress`,`attackerinTheMiddle`,`attemptedPRTAccess`, `generic`, `investigationsThreatIntelligence`, `investigationsThreatIntelligenceSigninLinked`,`leakedCredentials`, `maliciousIPAddress`, `maliciousIPAddressValidCredentialsBlockedIP`, `malwareInfectedIPAddress`, `mcasImpossibleTravel`,`mcasFinSuspiciousFileAccess`, `mcasSuspiciousInboxManipulationRules`,`nationStateIP`, `suspiciousAPITraffic`, `suspiciousIPAddress`,`suspiciousSendingPatterns`,   `unfamiliarFeatures`, `unlikelyTravel`, `userReportedSuspiciousActivity`. <br/> For more information about each value, see [Risk types and detection](/entra/id-protection/concept-identity-protection-risks#risk-types-and-detection).|
+|riskEventType|String|The type of risk event detected. The possible values are `adminConfirmedUserCompromised`, `anomalousUserActivity`, `anomalousToken`, `anonymizedIPAddress`,`attackerinTheMiddle`,`attemptedPRTAccess`, `generic`, `investigationsThreatIntelligence`, `investigationsThreatIntelligenceSigninLinked`,`leakedCredentials`, `maliciousIPAddress`, `maliciousIPAddressValidCredentialsBlockedIP`, `malwareInfectedIPAddress`, `mcasImpossibleTravel`,`mcasFinSuspiciousFileAccess`, `mcasSuspiciousInboxManipulationRules`,`nationStateIP`, `newCountry`, `passwordSpray`, `riskyIPAddress`, `suspiciousAPITraffic`, `suspiciousBrowser`, `suspiciousInboxForwarding`, `suspiciousIPAddress`,`suspiciousSendingPatterns`, `tokenIssuerAnomaly`,  `unfamiliarFeatures`, `unlikelyTravel`, `userReportedSuspiciousActivity`. <br/> For more information about each value, see [Risk types and detection](/entra/id-protection/concept-identity-protection-risks#risk-types-and-detection).|
 |riskDetail|riskDetail|Details of the detected risk. The possible values are: `none`, `adminGeneratedTemporaryPassword`, `userPerformedSecuredPasswordChange`, `userPerformedSecuredPasswordReset`, `adminConfirmedSigninSafe`, `aiConfirmedSigninSafe`, `userPassedMFADrivenByRiskBasedPolicy`, `adminDismissedAllRiskForUser`, `adminConfirmedSigninCompromised`, `hidden`, `adminConfirmedUserCompromised`, `unknownFutureValue`, `adminConfirmedServicePrincipalCompromised`, `adminDismissedAllRiskForServicePrincipal`, `m365DAdminDismissedDetection`. Use the `Prefer: include - unknown -enum-members` request header to get the following value(s) in this [evolvable enum](/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations): `adminConfirmedServicePrincipalCompromised` , `adminDismissedAllRiskForServicePrincipal` , `m365DAdminDismissedDetection`. <br/><br />**Note:** Details for this property are only available for Microsoft Entra ID P2 customers. P1 customers will be returned `hidden`.|
 |riskLevel|riskLevel|Level of the detected risk. The possible values are `low`, `medium`, `high`, `hidden`, `none`, `unknownFutureValue`. <br />**Note:** Details for this property are only available for Microsoft Entra ID P2 customers. P1 customers will be returned `hidden`.|
 |riskState|riskState|The state of a detected risky user or sign-in. The possible values are `none`, `confirmedSafe`, `remediated`, `dismissed`, `atRisk`, `confirmedCompromised`, and `unknownFutureValue`. |
