Confirm Microsoft Entra ID Risky User - Alert Triggered
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
↑ Back to Content Index
This playbook will set the Risky User property in Microsoft Entra ID using Graph API.
Logic App Connectors
This playbook uses 3 Logic App connectors / built-in actions:
Action parameters (URLs, paths, function IDs)
| Action |
Method |
Endpoint |
Other |
| Get_user |
get |
/v1.0/users/@{encodeURIComponent(concat(items('For_each')?['Name'], '@', items('For_each')?['UPNSuffix']))} |
— |
| Action |
Method |
Endpoint |
Other |
| Confirm_a_risky_user_as_compromised |
post |
/beta/riskyUsers/confirmCompromised |
— |
| Action |
Method |
Endpoint |
Other |
| Alert_-_Get_incident |
get |
/Incidents/subscriptions/@{encodeURIComponent(triggerBody()?['WorkspaceSubscriptionId'])}/resourceGroups/@{encodeURIComponent(triggerBody()?['WorkspaceResourceGroup'])}/workspaces/@{encodeURIComponent(triggerBody()?['WorkspaceId'])}/alerts/@{encodeURIComponent(triggerBody()?['SystemAlertId'])} |
— |
| Entities_-_Get_Accounts |
post |
/entities/account |
— |
| Add_comment_to_incident_(V3) |
post |
/Incidents/Comment |
— |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
↑ Back to Playbooks · Back to Microsoft Entra ID Protection