Dismiss Microsoft Entra ID Risky User – Incident Triggered

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

This playbook will dismiss the Risky User property in Microsoft Entra ID using Microsoft Entra ID Connectors.

Attribute	Value
Type	Playbook
Solution	Microsoft Entra ID Protection
Source	View on GitHub

Logic App Connectors

This playbook uses 3 Logic App connectors / built-in actions:

Connector / Action	Type	Connections	Actions
`azuread`	Managed	1	1
`azureadip`	Managed	1	1
`azuresentinel`	Managed	1	2

Action parameters (URLs, paths, function IDs)

`azuread` (Managed)

Action	Method	Endpoint	Other
Get_user	get	`/v1.0/users/@{encodeURIComponent(concat(items('For_each')?['Name'], '@', items('For_each')?['UPNSuffix']))}`	—

`azureadip` (Managed)

Action	Method	Endpoint	Other
Dismiss_a_risky_user	post	`/beta/riskyUsers/dismiss`	—

`azuresentinel` (Managed)

Action	Method	Endpoint	Other
Entities_-_Get_Accounts	post	`/entities/account`	—
Add_comment_to_incident_(V3)	post	`/Incidents/Comment`	—

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Playbooks · Back to Microsoft Entra ID Protection