Microsoft Identity And Access (Graph)

Version: 2.0.0

Microsoft Identity And Access (Graph) is the gateway to access Azure Active Directory (Azure AD) resources to enable scenarios like managing administrator (directory) roles, inviting external users to an organization

Connect Microsoft Identity And Access (Graph) with LogicHub

  1. Navigate to Automations > Integrations.
  2. Search for Microsoft Identity And Access.
  3. Click Details, then the + icon. Enter the required information in the following fields.
    • Label: Enter a connection name.
    • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
    • Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
    • Remote Agent: Run this integration using the LogicHub Remote Agent.
    • Tenant ID: Tenant ID of the app created in Azure Active Directory.
    • Client ID: Client ID of the app created in Azure Active Directory.
    • Client Secret: Client secret of the app created in Azure Active Directory.
  4. After you've entered all the details, click Connect.

📘

Note

These actions require "Azure AD Premium P1/P2 license".

Actions for Microsoft Identity And Access (Graph)

List Risk Detections

Get a list of the risk detection objects and their properties.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
Custom OData queryJinja-template for custom OData query to retrieve a list of alerts (Default is no filter). Example: riskState eq 'remediated'.Optional
Number of messages to be fetchedNumber of messages to be fetched. It'll override $top provided in "Custom OData query" (Default is 10 messages if it is not provided in "Custom OData query" also).Optional

Output

json containing following items:

  • has_error: True/False
  • error: message/null
  • result: List of Risk Detections.

Get Risk Detection

Retrieve the properties and relationships of a risk detection object.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
Risk Detection IDOptionalJinja-template for Unique identifier(id) of a risk detection object.
Example: {{risk_detection_id_column}}.

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: Risk Detection.

List Risky Users

Get a list of the risky user objects and their properties.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
Custom OData queryJinja-template for custom OData query to retrieve a list of alerts (Default is no filter). e.g. riskState eq 'remediated'.Optional
Number of messages to be fetchedNumber of messages to be fetched. It'll override $top provided in "Custom OData query" (Default is 10 messages if it is not provided in "Custom OData query" also).Optional

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: List of Risky Users

Get Risky User

Retrieve the properties and relationships of a risky user object.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
Risky User IDJinja-template for Unique identifier(id) of a risky user object.
Example: {{risky_user_id_column}}.
Optional

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: Risky User

Confirm Compromised Risky User

Confirm one or more risky user objects as compromised. This action sets the targeted user's risk level to high.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
Risky User Id'sJinja-templated string containing comma separated risky user ids to confirm compromised.
Example: {{risky_user_id_column1}}, {{risky_user_id_column2}}.
Optional

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: Success/Failure

Dismiss Compromised Risky User

Dismiss the risk of one or more risky user objects. This action sets the targeted user's risk level to none.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
Risky User Id'sJinja-templated string containing comma separated risky user ids to confirm compromised.
Example: {{risky_user_id_column1}}, {{risky_user_id_column2}}.
Optional

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: Success/Failure

List User History

Get the risky user history items from the history navigation property.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
Risky User IDJinja-template for Unique identifier(id) of a risky user object.
Example: {{risky_user_id_column}}.
Optional
History Item IDJinja-template for Unique identifier(id) of a history item object.
Example: {{history_item_id_column}}.
Optional
Custom OData queryJinja-template for custom OData query to retrieve a list of alerts (Default is no filter). Example: riskState eq 'remediated'.Optional
Number of messages to be fetchedNumber of messages to be fetched. It'll override $top provided in "Custom OData query" (Default is 10 messages if it is not provided in "Custom OData query" also).Optional

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: List of User History

Get User History

Retrieve the properties and relationships of a risky user history item object

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
Risky User IDJinja template for Unique identifier(id) of a risky user object. Example: {{risky_user_id_column}}.Optional
Custom OData queryJinja template for custom OData query to retrieve a list of alerts (Default is no filter).
Example: riskState eq 'remediated'.
Optional
Number of messages to be fetchedNumber of messages to be fetched. It'll override $top provided in "Custom OData query" (Default is 10 messages if it is not provided in "Custom OData query" also).Optional

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: User History

List IP Named Location

Get a list of namedLocation objects.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
Explode ResultsExplode each result in a separate row. (Default is No)Optional

Output

A JSON object containing multiple rows of result:

{
  "result": [
    {
      "@odata.type": "#microsoft.graph.ipNamedLocation",
      "id": "0aab4fe7-d8ad-44cd-8c36-815fc0e82b24",
      "displayName": "1610469824546",
      "modifiedDateTime": "2022-04-11T07:20:08.871778Z",
      "createdDateTime": "2022-04-11T07:20:08.871778Z",
      "isTrusted": false,
      "ipRanges": [
        {
          "@odata.type": "#microsoft.graph.iPv4CidrRange",
          "cidrAddress": "12.34.221.11/22"
        }
      ]
    },
    {
      "@odata.type": "#microsoft.graph.ipNamedLocation",
      "id": "02e33bf8-c949-408e-950a-211b32223ce1",
      "displayName": "1610469824892",
      "modifiedDateTime": "2022-04-11T07:20:09.9641995Z",
      "createdDateTime": "2022-04-11T07:20:09.9641995Z",
      "isTrusted": false,
      "ipRanges": [
        {
          "@odata.type": "#microsoft.graph.iPv4CidrRange",
          "cidrAddress": "12.34.221.11/22"
        }
      ]
    }
  ],
  "has_error": false,
  "error": null,
  "stdout": "",
  "stderr": ""
}

Create IP Named Location

Create namedLocation objects.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
Display NameJinja-template for display name of IP named locationRequired
IP RangesJinja-template for IP ranges. For example:[{"@odata.type": "#microsoft.graph.iPv4CidrRange","cidrAddress": "12.34.221.11/22"}]Required
Is TrustedJinja-template for is trusted (Default is False)Optional

Output

A JSON object containing multiple rows of result:

{
  "displayName": "0b56b98b-e814-4405-99da-7bae69cb30d2",
  "isTrusted": true,
  "@odata.type": "#microsoft.graph.ipNamedLocation",
  "has_error": false,
  "id": "0c57cd3d-45ed-438a-9f01-d8666843c139",
  "error": null,
  "createdDateTime": "2022-04-11T09:55:13.4968154Z",
  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#identity/conditionalAccess/namedLocations/$entity",
  "ipRanges": [
    {
      "@odata.type": "#microsoft.graph.iPv4CidrRange",
      "cidrAddress": "12.34.221.11/22"
    }
  ],
  "modifiedDateTime": "2022-04-11T09:55:13.4968154Z"
}

Get IP Named Location

Get namedLocation object.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
IP Named Location IDJinja-template for IP named location Id.Required

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: IP Named Location Object
{
  "result": 
  {
      "@odata.type": "#microsoft.graph.ipNamedLocation",
      "id": "0aab4fe7-d8ad-44cd-8c36-815fc0e82b24",
      "displayName": "1610469824546",
      "modifiedDateTime": "2022-04-11T07:20:08.871778Z",
      "createdDateTime": "2022-04-11T07:20:08.871778Z",
      "isTrusted": false,
      "ipRanges": [
        {
          "@odata.type": "#microsoft.graph.iPv4CidrRange",
          "cidrAddress": "12.34.221.11/22"
        }
      ]
    },
  "has_error": false,
  "error": null,
  "stdout": "",
  "stderr": ""
}

Delete IP Named Location

Delete namedLocation objects.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
IP Named Location IDJinja-template for IP named location Id.Required

Output

A JSON object containing multiple rows of result:

{
  "result": "Deleted successfully.",
  "error": null,
  "has_error": false
}

Update IP Named Location

Update namedLocation objects.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
IP Named Location IDJinja-template for IP named location Id.Required
Display NameJinja-template for display name of IP named locationOptional
IP RangesJinja-template for IP ranges. For example:[{"@odata.type": "#microsoft.graph.iPv4CidrRange","cidrAddress": "12.34.221.11/22"}]Required
Is TrustedJinja-template for is trusted (Default is False)Optional

Output

A JSON object containing multiple rows of result:

{
  "result": "Updated successfully.",
  "error": null,
  "has_error": false
}

Release Notes

  • v2.0.0 - Updated architecture to support IO via filesystem
  • v1.1.1 - Added 5 new actions: List IP NamedLocation, Create IP NamedLocation, Get IP NamedLocation, Update IP NamedLocation and Delete IP NamedLocation.

© Devo Technology Inc. All Rights Reserved.