Queries for the AADServicePrincipalRiskEvents table

  • Article

For information on using these queries in the Azure portal, see Log Analytics tutorial. For the REST API, see Query.

Active service principal risk detections

Gets a list of active service principal risk detections.

AADServicePrincipalRiskEvents
| summarize arg_max(LastUpdatedDateTime, *) by RequestId, ServicePrincipalId
| where RiskState == "atRisk"