Microsoft Identity And Access (Graph)

Microsoft Identity And Access (Graph) is the gateway to access Azure Active Directory (Azure AD) resources to enable scenarios like managing administrator (directory) roles, inviting external users to an organization

Integration with LogicHub

Connecting with Microsoft Identity And Access (Graph)

To connect to Microsoft Identity And Access (Graph) following details are required:

  • Label: Connection name.
  • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
  • Tenant ID: Tenant ID of the app created in Azure Active Directory.
  • Client ID: Client ID of the app created in Azure Active Directory.
  • Client Secret: Client secret of the app created in Azure Active Directory.

📘

Note

These actions require "Azure AD Premium P1/P2 license".

Actions with Microsoft Identity And Access (Graph)

List Risk Detections

Get a list of the risk detection objects and their properties.

Inputs to this Action:

  • Connection: Choose a connection that you have created.
  • Jinja Template Custom OData query (Optional): Jinja template for custom OData query to retrieve a list of alerts (Default is no filter). e.g. riskState eq 'remediated'.
  • Number of messages to be fetched (Optional): Number of messages to be fetched. It'll override $top provided in "Custom OData query" (Default is 10 messages if it is not provided in "Custom OData query" also).

Output of Action:
json containing following items:

  • has_error: True/False
  • error: message/null
  • result: List of Risk Detections.

Get Risk Detection

Retrieve the properties and relationships of a risk detection object.

Inputs to this Action:

  • Connection: Choose a connection that you have created.
  • Jinja Template Risk Detection ID (Optional): Jinja template for Unique identifier(id) of a risk detection object. e.g. {{risk_detection_id_column}}.

Output of Action:
json containing following items:

  • has_error: True/False
  • error: message/null
  • result: Risk Detection.

List Risky Users

Get a list of the risky user objects and their properties.

Inputs to this Action:

  • Connection: Choose a connection that you have created.
  • Jinja Template Custom OData query (Optional): Jinja template for custom OData query to retrieve a list of alerts (Default is no filter). e.g. riskState eq 'remediated'.
  • Number of messages to be fetched (Optional): Number of messages to be fetched. It'll override $top provided in "Custom OData query" (Default is 10 messages if it is not provided in "Custom OData query" also).

Output of Action:
json containing following items:

  • has_error: True/False
  • error: message/null
  • result: List of Risky Users

Get Risky User

Retrieve the properties and relationships of a risky user object.

Inputs to this Action:

  • Connection: Choose a connection that you have created.
  • Jinja Template Risky User ID (Optional): Jinja template for Unique identifier(id) of a risky user object. e.g. {{risky_user_id_column}}.

Output of Action:
json containing following items:

  • has_error: True/False
  • error: message/null
  • result: Risky User

Confirm Compromised Risky User

Confirm one or more risky user objects as compromised. This action sets the targeted user's risk level to high.

Inputs to this Action:

  • Connection: Choose a connection that you have created.
  • Jinja Template Risky User Id's (Optional): Jinja-templated string containing comma separated risky user ids to confirm compromised. Example: {{risky_user_id_column1}}, {{risky_user_id_column2}}.

Output of Action:
json containing following items:

  • has_error: True/False
  • error: message/null
  • result: Success/Failure

Dismiss Compromised Risky User

Dismiss the risk of one or more risky user objects. This action sets the targeted user's risk level to none.

Inputs to this Action:

  • Connection: Choose a connection that you have created.
  • Jinja Template Risky User Id's (Optional): Jinja-templated string containing comma separated risky user ids to confirm compromised. Example: {{risky_user_id_column1}}, {{risky_user_id_column2}}.

Output of Action:
json containing following items:

  • has_error: True/False
  • error: message/null
  • result: Success/Failure

List User History

Get the risky user history items from the history navigation property.

Inputs to this Action:

  • Connection: Choose a connection that you have created.
  • Jinja Template Risky User ID (Optional): Jinja template for Unique identifier(id) of a risky user object. e.g. {{risky_user_id_column}}.
  • Jinja Template History Item ID (Optional): Jinja template for Unique identifier(id) of a history item object. e.g. {{history_item_id_column}}.
  • Jinja Template Custom OData query (Optional): Jinja template for custom OData query to retrieve a list of alerts (Default is no filter). e.g. riskState eq 'remediated'.
  • Number of messages to be fetched (Optional): Number of messages to be fetched. It'll override $top provided in "Custom OData query" (Default is 10 messages if it is not provided in "Custom OData query" also).

Output of Action:
json containing following items:

  • has_error: True/False
  • error: message/null
  • result: List of User History

Get User History

Retrieve the properties and relationships of a risky user history item object

Inputs to this Action:

  • Connection: Choose a connection that you have created.
  • Jinja Template Risky User ID (Optional): Jinja template for Unique identifier(id) of a risky user object. e.g. {{risky_user_id_column}}.
  • Jinja Template Custom OData query (Optional): Jinja template for custom OData query to retrieve a list of alerts (Default is no filter). e.g. riskState eq 'remediated'.
  • Number of messages to be fetched (Optional): Number of messages to be fetched. It'll override $top provided in "Custom OData query" (Default is 10 messages if it is not provided in "Custom OData query" also).

Output of Action:
json containing following items:

  • has_error: True/False
  • error: message/null
  • result: User History

Did this page help you?