Trying to bulk dismiss all risky signons so my security team can start new.
It should be able to be done using this powershell code:
get-riskyUser -Top 5 -Filter "Riskstate eq 'AtRisk'" -Orderby RiskLastUpdatedDateTime | Invoke-DismissRiskyUser
But I get this error 5 times:
VERBOSE: Performing the operation "Invoke-DismissRiskyUser_Dismiss" on target "Call remote 'RiskyUsersDismiss' operation".
Invoke-DismissRiskyUser_Dismiss: You cannot perform the requested operation.
I did authorize the scope for connect-graph with "IdentityRiskyUser.ReadWrite.All" as well assigned a P2 license to my admin account (which I think is stupid given the feature is a P1 feature)
This cmdlet calls the following API:
https://learn.microsoft.com/en-us/graph/api/riskyusers-dismiss?view=graph-rest-beta&tabs=http
so I dug up postman, got my self a shinny new bearer token based on a freshly minted app registration with the "IdentityRiskyUser.ReadWrite.All" API via app delegation which was then admin consented to then posted to the API using this body:
{
"userIds": [
"d9460130-07f0-43a9-9faa-df8c6635f4b7",
"faff0a2a-143e-431d-bd44-99db3f4fc30d"
]
}
and got back:
{
"error": {
"code": "BadRequest",
"message": "Invalid user ids.",
"innerError": {
"request-id": "a1dcf05e-bbf2-436a-9614-2a2d5b5d0fc0",
"date": "2019-12-06T19:59:03"
}
}
}
I triple checked those IDs are valid, also tried all lower case in the attribute name.
At a loss for what to do next, anyone have any thoughts and/or where I can post to github to open a ticket against the code?
