Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Namespace: microsoft.graph.security
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
Important
The markUserAsCompromisedResponseAction resource type is deprecated and will be removed on October 1, 2026. Use automatedAction (grouped via automatedActionSet) on the detectionAction resource instead.
Describes a response action that sets the user's risk level to "high" in Microsoft Entra ID.
This response action sets the user's risk level to high in Microsoft Entra ID, which triggers the identity protection policies for a high risk level.
Inherits from microsoft.graph.security.responseAction.
Properties
| Property | Type | Description |
|---|---|---|
| identifier | microsoft.graph.security.markUserAsCompromisedEntityIdentifier | Unique identifier for the response action. The possible values are: accountObjectId, initiatingProcessAccountObjectId, servicePrincipalId, recipientObjectId, unknownFutureValue. |
Relationships
None.
JSON representation
The following JSON representation shows the resource type.
{
"@odata.type": "#microsoft.graph.security.markUserAsCompromisedResponseAction",
"identifier": "String"
}