Microsoft Entra ID Protection

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Solutions Index

---

Attribute	Value
Publisher	Microsoft Corporation
Support Tier	Microsoft
Support Link	https://support.microsoft.com/
Categories	domains
Version	3.0.1
Author	Microsoft - support@microsoft.com
First Published	2022-05-18
Solution Folder	Microsoft Entra ID Protection
Marketplace	Azure Marketplace · Popularity: 🟢 High (94%)

The Microsoft Entra ID Protection solution for Microsoft Sentinel allows you to ingest Security alerts reported in Microsoft Entra ID Protection for risky users and events in Microsoft Entra ID.

Contents

• Data Connectors
• Internal Tables
• Content Items

Data Connectors

This solution provides 1 data connector(s):

• Microsoft Entra ID Protection

Internal Tables

The following 2 table(s) are used internally by this solution's content items:

Table	Used By Connectors	Used By Content
IdentityInfo	-	Analytics
SecurityAlert	Microsoft Entra ID Protection	Analytics

Content Items

This solution includes 6 content item(s):

Content Type	Count
Playbooks	5
Analytic Rules	1

Analytic Rules

Name	Severity	Tactics	Tables Used
Correlate Unfamiliar sign-in properties & atypical travel alerts	High	InitialAccess	Internal use: IdentityInfo SecurityAlert

Playbooks

Name	Description	Tables Used
Confirm Microsoft Entra ID Risky User - Alert Triggered	This playbook will set the Risky User property in Microsoft Entra ID using Graph API.	-
Confirm Microsoft Entra ID Risky User - Incident Triggered	For each account entity included in the incident, this playbook will set the Risky User property in ...	-
Dismiss Microsoft Entra ID Risky User - Alert Triggered	This playbook will dismiss the Risky User property in Microsoft Entra ID using Microsoft Entra ID Co...	-
Dismiss Microsoft Entra ID Risky User – Incident Triggered	This playbook will dismiss the Risky User property in Microsoft Entra ID using Microsoft Entra ID Co...	-
Identity Protection response from Teams	Run this playbook on incidents which contains suspicious Microsoft Entra ID identities. For each acc...	-

Release Notes

Version	Date Modified (DD-MM-YYYY)	Change History
3.0.3	07-07-2025	To enhance functionality, improve entity mappings, and update playbook configurations.
3.0.2	07-04-2025	Updated ConnectivityCriteria Type in Data Connector.
3.0.1	01-18-2024	Updated mapping in Analytic Rule for better correlation
3.0.0	09-11-2023	Changes for rebranding from Azure Active Directory Identity Protection to Microsoft Entra ID Protection

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Solutions Index