AS-Delete-App-Registration

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

This playbook is intended to be run from a Microsoft Sentinel incident. If any app registration entities are found (i.e., any entities where kind == CloudApplication), they will be deleted. This playbook matches by name, since a unique app registration ID cannot currently be pulled into the entity list, so if there are multiple app registrations exactly matching the name(s) of the CloudApplication entities, all will be deleted.

Attribute	Value
Type	Playbook
Solution	Standalone Content
Source	View on GitHub

Logic App Connectors

This playbook uses 3 Logic App connectors / built-in actions:

Connector / Action	Type	Connections	Actions
`azuresentinel`	Managed	1	1
`keyvault`	Managed	1	1
`http`	Built-in	0	2

Action parameters (URLs, paths, function IDs)

`azuresentinel` (Managed)

Action	Method	Endpoint	Other
Add_comment_to_incident_(V3)	post	`/Incidents/Comment`	—

`keyvault` (Managed)

Action	Method	Endpoint	Other
Get_Secret	get	`[concat('/secrets/@{encodeURIComponent(''', parameters('SecretName'), ''')}/value')]`	—

`http` (Built-in)

Action	Method	Endpoint	Other
HTTP_-_Delete_App_Registration	DELETE	`https://graph.microsoft.com/v1.0/applications/@{items('For_each_-_App_Registration')?['id']}`	—
HTTP_-_Get_App_Registrations	GET	`https://graph.microsoft.com/v1.0/applications?$select=id,displayName`	—

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Playbooks

AS-Delete-App-Registration

Logic App Connectors

azuresentinel (Managed)

keyvault (Managed)

http (Built-in)

`azuresentinel` (Managed)

`keyvault` (Managed)

`http` (Built-in)