RFI-confirm-EntraID-risky-user

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

---

This playbook confirms compromise of users deemed 'high risk' by EntraID.

Attribute	Value
Type	Playbook
Solution	Recorded Future Identity
Source	View on GitHub

Logic App Connectors

This playbook uses 2 Logic App connectors / built-in actions:

Connector / Action	Type	Connections	Actions
azuread	Managed	1	1
azureadip	Managed	1	1

Action parameters (URLs, paths, function IDs)

azuread (Managed)

Action	Method	Endpoint	Other
Get_User_-_Check_if_the_user_exists_in_Active_Directory	get	/v1.0/users/@{encodeURIComponent(variables('user_principal_name'))}	—

azureadip (Managed)

Action	Method	Endpoint	Other
Confirm_the_user_is_indeed_compromised	post	/beta/riskyUsers/confirmCompromised	—

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Playbooks · Back to Recorded Future Identity