| AccountDisplayName |
Name displayed in the address book entry for the account user. This is usually a combination of the given name, middle initial, and surname of the user. |
String |
| AccountDomain |
Domain of the account |
String |
| AccountName |
User name of the account |
String |
| AccountObjectId |
Unique identifier for the account in Microsoft Entra ID |
String |
| AccountUpn |
User principal name (UPN) of the account |
String |
| Address |
Address of the account user |
String |
| AssignedRoles |
Active roles assigned to the account |
Object |
| BlastRadius |
A calculation based on the position of the user in the org tree and the user’s Microsoft Entra roles and permissions. Possible values: Low, Medium, High |
String |
| ChangeSource |
The last source system to modify the account user |
String |
| City |
City where the client IP address is geolocated |
String |
| CloudSid |
Cloud security identifier of the account |
String |
| CompanyName |
The name for the company in which the user works |
String |
| Country |
Country/Region where the account user is located |
String |
| CreatedDateTime |
Date and time when the account user was created |
DateTime |
| CriticalityLevel |
The criticality score of each account |
Int32 |
| DeletedDateTime |
The date and time the user was deleted |
DateTime |
| Department |
Name of the department that the account user belongs to |
String |
| DistinguishedName |
On premises distinguished name of the account user |
String |
| EmailAddress |
SMTP address of the account |
String |
| EmployeeId |
The employee identifier assigned to the user by the organization |
String |
| GivenName |
Given name or first name of the account user |
String |
| GroupMembership |
Account’s group membership description |
Object |
| IdentityEnvironment |
Environment where the identity is used; possible values: CloudOnly, Hybrid, On-premises |
String |
| IdentityId |
Unique identifier for the identity |
String |
| IsAccountEnabled |
Indicates whether the account is enabled or not |
Boolean |
| JobTitle |
Job title of the account user |
String |
| Manager |
Manager of the account user |
String |
| OnPremObjectId |
The ad Object Id of the User |
String |
| OnPremSid |
On-premises security identifier (SID) of the account |
String |
| OtherMailAddresses |
Additional email addresses of the user |
Object |
| Phone |
Phone number of the account user |
String |
| PrivilegedEntraPimRoles |
A snapshot of privileged role assignment schedules and eligibility schedules for the account as maintained by Microsoft Entra Privileged Identity Management (excluding activated assignments) |
Object |
| ReportId |
Unique identifier for the event |
String |
| RiskLevel |
The AAD risk level (Low/Medium/High) of the user account |
String |
| RiskLevelDetails |
Details regarding the AAD risk level |
String |
| RiskStatus |
State of the user’s risk. The possible values are none, confirmedSafe, remediated, atRisk, unknownFutureValue. |
String |
| SipProxyAddress |
Voice of over IP (VOIP) session initiation protocol (SIP) address of the account |
String |
| SourceProvider |
The primary Identity provider of the account user |
String |
| SourceProviders |
Source providers of the accounts for the identity; possible values: ActiveDirectory, EntraID, Okta |
Object |
| SourceSystem |
|
String |
| State |
State where the sign-in occurred, if available |
String |
| Surname |
Surname, family name, or last name of the account user |
String |
| Tags |
Labels representing various attributes used to identify or categorize a security configuration |
Object |
| TenantId |
|
String |
| TenantMembershipType |
The Entra Id user type. The possible values are: guest and member |
String |
| TimeGenerated |
|
DateTime |
| Timestamp |
Date and time when the record was generated |
DateTime |
| Type |
The certificate’s type. It is one of the following: Machine, Server, Intermediate, Root, TrustedPublisher or Other |
String |
| UserAccountControl |
Security attributes of the user account in the AD domain. |
Object |