Azure Identity Protection 1.0.0
App Vendor: Microsoft Azure
App Category: Identity Management Service
Connector Version: 1.0.1
API Version: 1.0.0
About App
The Azure Identity Protection application allows organizations to discover, investigate, and remediate identity-based risks in their Azure AD organization.
The Azure Identity Protection app is configured with Orchestrate to perform the following actions:
Action Name | Description |
---|---|
Confirm Risky User Compromised | This action confirms one or more risky users as compromised and sets the targeted user's risk level to high. |
Dismiss Risky User | This action dismisses the risk of one or more risky users and sets the targeted user's risk level to none. |
Get Risk Detection | This action retrieves the properties and relationships of a risk detection object. |
Get Risky Users | This action retrieves the details of a risky user. |
Get Sign In | This action retrieves a specific Azure AD user sign-in event for a tenant. |
List Risk Detection | This action retrieves a list of the risk-detection objects and their properties. |
List Risky Users | This action retrieves a list of risky users. |
List Sign In | This action retrieves the Azure AD user sign-ins for your tenant. |
Permissions
Certain actions such as Dismiss Risky User, Get Sign In, and List Sign In need some specific permissions as shown in the following screenshot before you use them. To learn more, including how to choose permissions, see Microsoft Graph permissions reference.
In addition to the permissions, the signed-in user must belong to one of the following directory roles to use the actions. To learn more about directory roles, see Azure AD built-in roles.
Global Administrator
Global Reader
Reports Reader
Security Administrator
Security Operator
Security Reader
To learn more about the permissions required to use an action, refer to the following Microsoft documentation:
Identity protection permissions: Use the Microsoft Graph identity protection APIs - Microsoft Graph v1.0
Risk detections: riskDetection resource type - Microsoft Graph v1.0
Risky user: riskyUser resource type - Microsoft Graph v1.0
Audit logs – Sign-in: List signIns - Microsoft Graph v1.0
Configuration Parameters
The following configuration parameters are required for the Azure Identity Protection app to communicate with the Azure Identity Protection enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Tenant Id | The tenant ID of the Azure instance to connect to. e.g. 09cd25c9-29b3-99ff-b49z-41235465b427 | Text | Required | |
Client Id | The client ID of the application that will be used to connect to Azure. e.g. 09cd25c9-29b3-99ff-b49z-41235465b427 | Text | Required | |
Client Secret | The client secret of the application that will be used to connect to Azure. e.g. 12345~123245123245abc~abc1234512345abc | Password | Required | |
Action: Confirm Risky User Compromised
This action confirms one or more risky users as compromised and sets the targeted user's risk level to high.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
User IDs | Enter the user IDs to confirm. Example: $LIST[04487ee0-f4f6-4e7f-8999-facc5a30e232,13387ee0-f4f6-4e7f-8999-facc5120e345] | List | Required | |
Action: Dismiss Risky User
This action dismisses the risk of one or more risky users and sets the targeted user's risk level to none.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
User IDs | Enter the user IDs to dismiss. Example: $LIST[04487ee0-f4f6-4e7f-8999-facc5a30e232,13387ee0-f4f6-4e7f-8999-facc5120e345] | List | Required | |
Action: Get Risk Detection
This action retrieves the properties and relationships of a risk detection object.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Risk ID | Enter the risk detection ID to retrieve the properties and relationships of the object. Example: "c2b6c2b9-dddc-acd0-2b39-d519d803dbc3" | Text | Required | |
Action: Get Risky Users
This action retrieves the details of a risky user.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
User ID | Enter the ID of a risky user. Example: "c2b6c2b9-dddc-acd0-2b39-d519d803dbc3" | Text | Required | |
Action: Get Sign In
This action retrieves a specific Azure AD user sign-in event for a tenant.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Sign ID | Enter the sign-in ID to retrieve the sign-in events. Example: "66ea54eb-6301-4ee5-be62-ff5a759b0100" | Text | Required | |
Action: List Risk Detection
This action retrieves a list of the risk-detection objects and their properties.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Top | Enter the page size of the results. Example: 10 | Integer | Optional | |
Skip | Enter the number of results to skip from the start. Example: 5 | Integer | Optional | |
Filters | Enter filters to filter the result row-wise. Example: "startswith(givenname,'j')" | Text | Optional | |
Search | Enter search criteria to retrieve specific results. Example: "abcdefab-af90-4edf-ac4c-742ff06735d0" | Text | Optional | |
Select | Enter select criteria to filter the result column-wise. Example: | Text | Optional | |
Action: List Risky Users
This action retrieves a list of risky users.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Top | Enter the page size of the results. Example: 10 | Integer | Optional | |
Skip | Enter the number of results to skip from the start. Example: 5 | Integer | Optional | |
Filters | Enter filters to filter the result row-wise. Example: "startswith(givenname,'j')" | Text | Optional | |
Search | Enter search criteria to retrieve specific results. Example: "abcdefab-af90-4edf-ac4c-742ff06735d0" | Text | Optional | |
Select | Enter select criteria to filter the result column-wise. Example: | Text | Optional | |
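How the List Risky Users inputs and the `$LIST[...]` User IDs format fit together, as an added example (not the connector's own code). It assumes the connector forwards Top/Skip/Filters/Select as the Microsoft Graph OData options `$top`/`$skip`/`$filter`/`$select` on `/identityProtection/riskyUsers`; the triage policy, function names and sample response are hypothetical.

```python
import re
from urllib.parse import quote, urlencode

GRAPH = "https://graph.microsoft.com/v1.0"  # assumed backend of the connector
GUID = re.compile(r"[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}", re.I)

def list_risky_users_url(top=None, skip=None, filters=None, select=None):
    """Map the Top/Skip/Filters/Select inputs to OData query options."""
    params = {}
    for name, value, minimum in (("$top", top, 1), ("$skip", skip, 0)):
        if value is not None:
            if not isinstance(value, int) or value < minimum:
                raise ValueError(f"{name} must be an integer >= {minimum}")
            params[name] = value
    if filters:
        params["$filter"] = filters
    if select:
        params["$select"] = ",".join(select)
    query = urlencode(params, quote_via=quote, safe="$,'()")
    base = f"{GRAPH}/identityProtection/riskyUsers"
    return f"{base}?{query}" if query else base

def triage(response):
    """Hypothetical policy: high + atRisk -> confirm candidates, other atRisk -> review."""
    confirm, review = [], []
    for user in response.get("value", []):
        uid = str(user.get("id", ""))
        if not GUID.fullmatch(uid):  # never forward a malformed ID to a write action
            raise ValueError(f"not a directory object ID: {uid!r}")
        if user.get("riskState") != "atRisk":
            continue  # remediated, dismissed or already confirmed
        (confirm if user.get("riskLevel") == "high" else review).append(uid)
    return confirm, review

def as_list_input(user_ids):
    """Render IDs in the $LIST[...] form shown for the User IDs parameter."""
    return "$LIST[" + ",".join(user_ids) + "]"

# Constructed sample shaped like a riskyUser collection; IDs reuse the page's examples.
SAMPLE = {"value": [
    {"id": "04487ee0-f4f6-4e7f-8999-facc5a30e232", "riskLevel": "high", "riskState": "atRisk"},
    {"id": "13387ee0-f4f6-4e7f-8999-facc5120e345", "riskLevel": "medium", "riskState": "atRisk"},
    {"id": "c2b6c2b9-dddc-acd0-2b39-d519d803dbc3", "riskLevel": "high", "riskState": "remediated"},
]}

if __name__ == "__main__":
    print(list_risky_users_url(top=10, filters="riskState eq 'atRisk'", select=["id", "riskLevel"]))
    confirm, review = triage(SAMPLE)
    print("confirm:", as_list_input(confirm), "| review:", as_list_input(review))
```

The `confirm` list is a set of candidates for Confirm Risky User Compromised, which raises the user's risk level to high; the `review` list is left for an analyst to decide between confirming and Dismiss Risky User.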
Action: List Sign In
This action retrieves the Azure AD user sign-ins for your tenant.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Top | Enter the page size of the results. Example: 10 | Integer | Optional | |
Skip | Enter the number of results to skip from the start. Example: 5 | Integer | Optional | |
Filters | Enter filters to filter the result row-wise. Example: "startswith(givenname,'j')" | Text | Optional | |