{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "#/components/schemas/microsoft.graph.userSecurityState",
  "title": "userSecurityState",
  "required": [
    "@odata.type"
  ],
  "type": "object",
  "properties": {
    "aadUserId": {
      "type": "string",
      "description": "AAD User object identifier (GUID) - represents the physical/multi-account user entity.",
      "nullable": true
    },
    "accountName": {
      "type": "string",
      "description": "Account name of user account (without Active Directory domain or DNS domain) - (also called mailNickName).",
      "nullable": true
    },
    "domainName": {
      "type": "string",
      "description": "NetBIOS/Active Directory domain of user account (that is, domain/account format).",
      "nullable": true
    },
    "emailRole": {
      "anyOf": [
        {
          "$ref": "#/components/schemas/microsoft.graph.emailRole"
        },
        {
          "type": "object",
          "nullable": true
        }
      ],
      "description": "For email-related alerts - user account's email 'role'. The possible values are: unknown, sender, recipient."
    },
    "isVpn": {
      "type": "boolean",
      "description": "Indicates whether the user logged on through a VPN.",
      "nullable": true
    },
    "logonDateTime": {
      "pattern": "^[0-9]{4,}-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])T([01][0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9]([.][0-9]{1,12})?(Z|[+-][0-9][0-9]:[0-9][0-9])$",
      "type": "string",
      "description": "Time at which the sign-in occurred. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.",
      "format": "date-time",
      "nullable": true
    },
    "logonId": {
      "type": "string",
      "description": "User sign-in ID.",
      "nullable": true
    },
    "logonIp": {
      "type": "string",
      "description": "IP Address the sign-in request originated from.",
      "nullable": true
    },
    "logonLocation": {
      "type": "string",
      "description": "Location (by IP address mapping) associated with a user sign-in event by this user.",
      "nullable": true
    },
    "logonType": {
      "anyOf": [
        {
          "$ref": "#/components/schemas/microsoft.graph.logonType"
        },
        {
          "type": "object",
          "nullable": true
        }
      ],
      "description": "Method of user sign in. The possible values are: unknown, interactive, remoteInteractive, network, batch, service."
    },
    "onPremisesSecurityIdentifier": {
      "type": "string",
      "description": "Active Directory (on-premises) Security Identifier (SID) of the user.",
      "nullable": true
    },
    "riskScore": {
      "type": "string",
      "description": "Provider-generated/calculated risk score of the user account. Recommended value range of 0-1, which equates to a percentage.",
      "nullable": true
    },
    "userAccountType": {
      "anyOf": [
        {
          "$ref": "#/components/schemas/microsoft.graph.userAccountSecurityType"
        },
        {
          "type": "object",
          "nullable": true
        }
      ],
      "description": "User account type (group membership), per Windows definition. The possible values are: unknown, standard, power, administrator."
    },
    "userPrincipalName": {
      "type": "string",
      "description": "User sign-in name - internet format: (user account name)@(user account DNS domain name).",
      "nullable": true
    },
    "@odata.type": {
      "type": "string"
    }
  }
}