RiskyUserHistory
null
Table Specific Information
Select
Get the risk history of a Microsoft Entra user. You can filter results by RiskyUserId.
- RiskyUserId supports the '=' and IN operators.
For example, the following queries are processed server side:
SELECT * FROM RiskyUserHistory WHERE RiskyUserId = 'ffacf701-6caf-4228-9e3b-7e57c14122ee'
SELECT * FROM RiskyUserHistory WHERE RiskyUserId IN (SELECT Id FROM RiskyUsers)Note: Querying this view requires additional scopes than the default. In order to access this table, you must have the IdentityRiskyUser.Read.All permission and the signed-in user must be assigned a supported Microsoft Entra role or a custom role with a supported role permission of Global Reader, Security Operator, Security Reader, or Security Administrator.
Columns
| Name | Type | Description |
| RiskyUserId | String | |
| id [KEY] | String | |
| isDeleted | String | |
| isProcessing | String | |
| riskDetail | String | |
| riskLastUpdatedDateTime | String | |
| riskLevel | String | |
| riskState | String | |
| userDisplayName | String | |
| userPrincipalName | String | |
| activity_detail | String | |
| activity_riskEventTypes | String | |
| initiatedBy | String | |
| userId | String |